In fact, there are 3 ways to manipulate MySQL DB.
* mysql set of functions (MySQL 3.x, 4.0) - mysql_escape_string()
* mysqli set of functions (MySQL 4.1, 5.x) - mysqli_real_escape_string()
* PDO set of functions (can be used as a DB layer) - PDO::quote()
If you are coding a new project, you should use PDO, as it is database independent (if you do it right way):