mysql - Can sql injection be avoided by simply escaping single quotes and backslashes without using a prepare statement?
PHPz 2017-05-18 10:48:57

For example, if I enter \' as the login name (login_name), the following SQL is assembled:

    SELECT * FROM account WHERE (1) AND (`account`.login_name = '\\'')

Entering ' or 1 = 1 as the login name (login_name) assembles this SQL:

    SELECT * FROM account WHERE (1) AND (`account`.login_name = '\' or 1 = 1')

Can this avoid SQL injection?


Learning is the best investment!

Replies (1)
PHPzhong

No. Suppose login_name is ' or 1 = 1; what is the result after escaping?
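To make the comparison concrete, here is an added example (not code from the question or the reply) that reproduces MySQL-style backslash escaping as the asker describes it and contrasts it with a parameterised query. The escape table follows mysql_real_escape_string's rules but is only used to build strings here; the in-memory sqlite3 table named `account` and its rows are constructed for the demo and stand in for the MySQL table.

```python
import sqlite3

# MySQL-style backslash escaping (the rules mysql_real_escape_string applies).
# Reimplemented here only to show what the escaped SQL looks like.
_ESCAPES = {
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\x1a": "\\Z",
}

def mysql_escape(value: str) -> str:
    """Escape a value for use inside a MySQL single-quoted string literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_login_query(login_name: str) -> str:
    """Quoted string context, as in the question: the escaped quote cannot
    terminate the literal, so the whole input stays inside the quotes."""
    return ("SELECT * FROM account WHERE (1) AND "
            f"(`account`.login_name = '{mysql_escape(login_name)}')")

def build_id_query(account_id: str) -> str:
    """Unquoted numeric context: there are no quotes to break out of, so
    escaping changes nothing and any SQL in the value is concatenated verbatim."""
    return f"SELECT * FROM account WHERE id = {mysql_escape(account_id)}"

def find_by_login(conn: sqlite3.Connection, login_name: str) -> list:
    """Parameterised query: the value travels separately from the SQL text,
    so the database never parses it as SQL, whatever characters it contains."""
    cur = conn.execute("SELECT id, login_name FROM account WHERE login_name = ?",
                       (login_name,))
    return cur.fetchall()

def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the MySQL `account` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, login_name TEXT)")
    conn.executemany("INSERT INTO account (login_name) VALUES (?)",
                     [("alice",), ("bob",), ("' or 1 = 1",)])
    return conn

if __name__ == "__main__":
    print(build_login_query("' or 1 = 1"))    # value stays inside the quotes
    print(build_id_query("1 OR 1=1"))         # escaping has nothing to escape here
    print(find_by_login(demo_db(), "' or 1 = 1"))  # only the literal matching row
```

Escaping only protects the one context it was designed for (a quoted string literal); the parameterised form is correct in every context, which is why it is the recommended fix.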
