PHP has a whole bunch of pre-built functions to escape strings and most of them for MySQL, but only one does not require the mysql link identifier to work and all of them give the same result.

mysql_real_escape_string, mysqli_real_escape_string and mysqli_escape_string requires the link identifier to work, otherwise will throw an error, but the mysql_escape_string does not.

All of the functions will escape quotes, double quotes, slashes and so on. The real escape ones, does more escaping to better work with MySql, and all of them are more than necessary for avoiding sql injection attacks or user input errors.

For more info go to PHP.net