Your strategy to use all possible escaping mechanisms may be safe, but will make your application too complex - imagine what you need to do, to use the data (which seems to be stored in a MySQL database later, right?) to print it in a html form later.
A more wise approach is, to use only the adequate escaping mechanism depending on the use of the data:
- to store data in a MySQL database, use a database escaping mechanism (btw instead of
mysql_real_escape_string()which is deprecated, use PDO::quote() or even better use parameter binding which already does escaping for you)
- to print stored data in html text use
htmlspecialchars(), possibly in conjunction with
- to print stored data in html attributes use
... and so on. Then you will most likely be safe of SQLInjection, XSS attacks and so on.