Ummm...Clawed: FouLu is saying that *IF* he uses prepared statements then he will not *NEED* to use mysql_real_escape_string.
Which is not only correct, but much better than mysql_real_escape_string.
If you don't know about prepared statements, then time to read up on them.
An optimist sees the glass as half full.
A pessimist sees the glass as half empty.
A realist drinks it no matter how much there is.
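An added example, not part of the post above, showing the prepared-statement approach it recommends. It assumes PDO with an in-memory SQLite database so it runs offline; the table, sample rows and the helper names findByName and findById are constructed for illustration, and the same prepare/execute calls work against a MySQL DSN.

```php
<?php
// Added example: the SQL text is fixed at prepare() time and user input is
// sent separately as a bound value, so no escaping function is involved.
$pdo = new PDO('sqlite::memory:'); // assumption: SQLite stands in for MySQL here
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With a MySQL DSN, also request native (server-side) prepares:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$insert = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
// Constructed sample rows; note the apostrophe needs no special handling.
foreach ([["O'Brien", 'obrien@example.com'], ['alice', 'alice@example.com']] as [$n, $e]) {
    $insert->execute([':name' => $n, ':email' => $e]);
}

// String parameter: whatever $name contains is compared as data, never parsed as SQL.
function findByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameter: an unquoted number in concatenated SQL is a context that
// string escaping does not protect. Validate the type, then bind it as an integer.
function findById(PDO $pdo, string $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a legitimate name with a quote, a quote-breaking string,
// a valid id, and a non-integer id.
printf("O'Brien rows: %d\n", count(findByName($pdo, "O'Brien")));
printf("tautology rows: %d\n", count(findByName($pdo, "' OR '1'='1")));
printf("id 2 found: %s\n", findById($pdo, '2') !== null ? 'yes' : 'no');
printf("id '2 OR 1=1' found: %s\n", findById($pdo, '2 OR 1=1') !== null ? 'yes' : 'no');
```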