What characters have to be escaped to prevent (My)SQL injections?

Question

I\'m using MySQL API\'s function

mysql_real_escape_string()

Based on the documentation, it escapes the following characters:

Answer 1

couldn't one just delete the single quote(s) from user input?

eg: $input =~ s/\'|\"//g;