When you execute a SQL query, you have to clean your strings or users can execute malicious SQL on your website.
I usually just have a function escape_string(blah),
Which language are you using? It seems like pretty much all of them have built-in SQL escape functions that would be better to use.
For example, PHP has mysql_real_escape_string and addslashes.
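As an added illustration (not code from either poster), the following compares building the query by string concatenation, escaping by hand the way the question describes, and using a parameterised query. The table, rows and input strings are constructed for the demo, and escape_string is a hypothetical stand-in for the poster's own helper, using SQLite's quote-doubling rule.

```python
import sqlite3


def make_db():
    """Constructed in-memory table with one name that contains an apostrophe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("O'Brien", "obrien@example.test"),
    ])
    return conn


def lookup_unsafe(conn, name):
    """String concatenation: the user's text becomes part of the SQL itself."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def escape_string(value):
    """Hypothetical hand-rolled escaper: doubles single quotes (SQLite rule).
    Correct only for this dialect and only inside a single-quoted literal."""
    return value.replace("'", "''")


def lookup_escaped(conn, name):
    """Concatenation after escaping: works, but every call site must remember it."""
    sql = "SELECT email FROM users WHERE name = '" + escape_string(name) + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Parameterised query: the driver sends the value separately, so it is always data."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run all three variants on a normal name, a name with an apostrophe and a hostile string."""
    conn = make_db()
    try:
        apostrophe_unsafe = lookup_unsafe(conn, "O'Brien")
    except sqlite3.OperationalError:
        apostrophe_unsafe = "syntax error"  # the quote in the data broke the statement
    hostile = "' OR 1=1 --"  # constructed input that closes the literal and comments out the rest
    return {
        "unsafe_alice": lookup_unsafe(conn, "alice"),
        "unsafe_apostrophe": apostrophe_unsafe,
        "unsafe_hostile": lookup_unsafe(conn, hostile),     # every row leaks
        "escaped_hostile": lookup_escaped(conn, hostile),   # matched as a literal string: no rows
        "safe_apostrophe": lookup_safe(conn, "O'Brien"),
        "safe_hostile": lookup_safe(conn, hostile),         # also no rows
    }
```

Escaping fixes the quote problem only for the quoting context and dialect it was written for; the parameterised form needs no per-dialect rule, which is why drivers recommend it over escape functions.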