Should I use PDO to sanitize my Sql queries or is "mysql_real_escape_string" enough? [duplicate]

This question already has an开发者_如何转开发swers here: Why is PDO better for escaping MySQL queries/querystrings than mysql_real_escape_string? (6 answers) Closed 2 years ago.

I have a simple classifieds website...

Classifieds are inserted into MySql tables and the only thing I use to sanitize user input is mysql_real_escape_string.

Is this enough?

The PDO is the best way offcourse, but what IS actually the difference between using only mysql_real_escape_string and PDO, in lets say this query:

   SELECT * FROM table_name WHERE table_name.classified = '$classified';

OR

   INSERT INTO table_name (input1, input2) VALUES ('$input1', $input2);

Thanks

---

I think mysql_real_escape_string is enough for storing in the database and warding against any sql injection attack. But other validation is a good idea to have just so that your dataset is more regular and less prone to contain junk.

For presenting any of this data, filtering (ala Drupal style etc. ) It's a good idea too.