is mysql_real_escape_string secure enough against attacks?

[greenheart]

Hello I am a php noobie and have a website I have designed all by myself. 

 

I'm adding a user login form in the corner of the page and the ability for logged in users to comment on my articles. I am using mysql_real_escape_string to prevent against sql injection attacks (have to load database records for user data and comment data) but is this sufficient/still the standard? I have heard of attacks that can get around this command, using other special characters I guess.

 

Thanks