In the PHP manual, there is a note:
Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks.
The best solution is PDO.
If you're using the traditional mysql_query then running all of your data through mysql_real_escape_string() is enough.
mysql_real_escape_string()
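To make the difference concrete, here is an added example (not code from the original question or answers) contrasting a query built by string concatenation with a PDO prepared statement. It uses PDO's SQLite driver with an in-memory database so it runs offline with no MySQL server; the table, rows and attacker input are constructed for the demonstration, and the same PDO calls work unchanged against a `mysql:` DSN. mysql_real_escape_string() itself is not shown because it needs a live MySQL connection to know the connection's character set.

```php
<?php
// Added example: string-built SQL versus a PDO prepared statement.
// In-memory SQLite keeps it self-contained; swap the DSN for mysql: in practice.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, also turn off emulated prepares so the server binds the values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample schema and rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$pdo->exec("INSERT INTO users (name, pass) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Constructed attacker input: closes the quoted literal and appends a tautology.
$name = "x' OR '1'='1";
$pass = "x' OR '1'='1";

// Vulnerable: user data is pasted straight into the query text, so the
// quote in $name ends the literal and the rest is parsed as SQL.
function loginUnsafe(PDO $pdo, string $name, string $pass): array
{
    $sql = "SELECT name FROM users WHERE name = '$name' AND pass = '$pass'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the query text is fixed at prepare time; values travel separately
// as bound parameters and are never parsed as SQL.
function loginSafe(PDO $pdo, string $name, string $pass): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name AND pass = :pass');
    $stmt->execute([':name' => $name, ':pass' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The injected OR makes the WHERE clause true for every row.
var_dump(loginUnsafe($pdo, $name, $pass));
// The same input is compared as a plain string and matches nothing.
var_dump(loginSafe($pdo, $name, $pass));
// A genuine credential pair still works through the prepared statement.
var_dump(loginSafe($pdo, 'alice', 's3cret'));
```

The point of the prepared statement is that the query structure is sent once and the values are bound afterwards, so no quoting or escaping of the values is needed and nothing in them can change the statement's shape. Escaping, by contrast, only helps inside a correctly quoted string literal; a value dropped into an unquoted numeric position or into an identifier is not protected by it.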