I'm not sure why
$string = $conn->escape_string($_POST["data"]);
has been downvoted into obvlivian, but it is the only thing that works if you're using the mysqli class.
For example
<?php
print "function output: " . mysqli_escape_string($_REQUEST["foo"]) . "\n";
print "method output: " . $mysqli->escape_string($_REQUEST["foo"]) . "\n";
?>
prints:
function output:
method output: bar
This is with php 7.0