mysqli_real_escape_string would add slashes when ever it encounters a ' or ".

You may have to remove the slashes latter.

If you really want to build your own security checks I think you should try it but for the stress - Just use Prepared statements alone.