Making an input string for a SELECT query safe?

I know there are a couple methods for this, but my brain is on vacation today (I can't remember anything for the life of me).

I am collecting a string from a form.input to use in a SELECT statement, but don't want to just plug whatever the user enters into the query (because it's dangerous).

SOMEBODY, please throw me a rope! :)

Even if I just get a key-work, I can look it up myself. I'm just hitting brick walls right now.

~ Mo

Assuming you're using mysql: mysql_real_escape_string();

If you're using the mysqli extension: mysqli_real_escape_string();

THAT'S IT!

I was trying and trying to remember, but the only term coming to mind was encoding, but this is what I was looking for.

Thanks.

lol :D