ahh, maybe that was my problem. Like I said, it's been a while. I've been spoiled by linq, visual studio, and .net. Just drag the table into my dbml file, then call the object and pass in stuff and hit call submitchanges. Just too damn easy.
The PHP team recommends using PDO for all new development. There's a lot of people who swear by Zend_Db and Doctrine, which layer on top of PDO's not quite perfect interface.
To see why something is broken, my go to is var_dump($somevar). It shows me the data type of the variable and the value of the variable, the former sometimes being incredibly useful for tracking down a bug. In your case, it would have shown a 'bool' as the data type.
As hinted at, mysql_real_escape() should not return "" (an empty string) unless something else is wrong in your code. Nothing has changed in this respect.
However, whether you should be using mysql_real_escape() (part of the out-dated MySQL extension) is another matter. As mentioned above, PDO is the recommended extension these days. You can then use prepared queries which avoids the need to manually "mysql escape" anything.
If you want you can also use the mysqli (note the i) interface. It's a bit more familiar than the PDO stuff and it's not deprecated like the mysql one. It also supports prepared statements so you can get rid of all the escaping crap (if you use prepared statements to separate code from data).
Thanks, I had looked at mysqli, it's just tough to switch to a new one because I'll have to invest time in learning something new, and I don't really do that much with php now anyways. I'll probably use pdo though, thanks.