Actually a quick test without the mysql_real_escape_string() demonstrated that it worked fine. Data was injected correctly into the database.