When you execute a SQL query, you have to clean your strings or users can execute malicious SQL on your website.
I usually just have a function escape_string(blah),
In a MySQL query, when using LIKE, also make sure to escape the "_" character, as it is not escaped by mysql_real_escape_string.
For reference, check here
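Added example (not code from the thread) showing the wildcard problem the answer above describes: LIKE metacharacters are a separate concern from SQL-string escaping, so the hardened version escapes them and still binds the value as a parameter. The escape_like helper and the constructed product names are my own; the demo uses SQLite's LIKE ... ESCAPE so it runs offline, and the same SQL is valid in MySQL. It also covers "%", which mysql_real_escape_string likewise leaves untouched.

```python
import sqlite3

# Constructed sample rows; two of them contain literal '%' or '_' characters.
SAMPLE_NAMES = ["50%_off coupon", "500 off coupon", "plain coupon", "50x_off coupon"]

# '!' is used as the LIKE escape character so the ESCAPE clause reads the same
# in MySQL and SQLite (a backslash would need different quoting in each).
ESCAPE_CHAR = "!"


def escape_like(value: str, escape_char: str = ESCAPE_CHAR) -> str:
    """Escape the LIKE wildcards '%' and '_' (and the escape character itself)
    so user input matches literally. This is wildcard escaping only: the result
    must still be passed as a bound parameter, never concatenated into SQL."""
    return (value.replace(escape_char, escape_char * 2)
                 .replace("%", escape_char + "%")
                 .replace("_", escape_char + "_"))


def _fresh_db() -> sqlite3.Connection:
    """In-memory table loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    return conn


def search_unescaped(term: str) -> list:
    """Naive search: the value is bound (no SQL injection), but '%' and '_'
    inside the user's term still act as wildcards and widen the match."""
    conn = _fresh_db()
    rows = conn.execute("SELECT name FROM products WHERE name LIKE ?",
                        (f"%{term}%",)).fetchall()
    return sorted(r[0] for r in rows)


def search_escaped(term: str) -> list:
    """Hardened search: wildcards in the term are escaped and the query names
    the escape character explicitly, so the term is matched literally."""
    conn = _fresh_db()
    pattern = f"%{escape_like(term)}%"
    rows = conn.execute(f"SELECT name FROM products WHERE name LIKE ? ESCAPE '{ESCAPE_CHAR}'",
                        (pattern,)).fetchall()
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    print("unescaped:", search_unescaped("50%_off"))  # three rows match
    print("escaped:  ", search_escaped("50%_off"))    # only the literal row
```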