Just a quick note about PHP’s mysql_real_escape_string() function. Basically the function will remove possibility of visitors throwing binary data or other exploits into your forms etc on your website. I recently had a problem figuring out why my mysql_real_escape_string($variable) was null. Silly me, I didn’t even think about the fact that the MySQL database connection must be made first, as in before the mysql_real_escape_string() function can be used.
So if your mysql_real_escape_string() is not receiving any data, make sure you’re connecting to the MySQL database first and then using the function.