OOPS.. I must be really sleepy.. To sum it up:
You have to use addcslashes - note the C in between. In this function, you can give the list of characters to be escaped.
So, addcslashes($str, "\x00\n\r\'\"\x1a"); is equivalent to
mysql_real_escape_string($str); since the latter escapes only the characters listed in the former.Here is the correct link:
http://www.php.net/manual/en/function.addcslashes.php