Help me stop the user from entering harmful codes

CrucialX

New Member
This question has been evolving in my mind: how do I totally stop users from entering some crazy SQL injections? Isn't mysql_real_escape_string powerful enough to stop it? I followed some guidelines, though there were some users in here who criticized my code and gave me thumbs down for the security. I was unable to understand the reason behind it. Though I am not using $_GET, the only user input is through the commenting system. I just want to make sure I am not going wrong. Here is my sample code.

[code]$name = htmlspecialchars(strip_tags(mysql_real_escape_string($_POST['com_name'])));[/code]

I have used the same for some 5 fields. What is your take on my above code?
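An added example, not part of the original post or the poster's code: the chain in the post applies SQL escaping and HTML encoding together at input time, while this sketch keeps the two concerns apart, using bound parameters when storing the comment and `htmlspecialchars` only when rendering it. The `comments` table, the `body` field, the function names and the sample input are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table/column names (other than com_name) are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, com_name TEXT, body TEXT)');

// Constructed input standing in for $_POST from the comment form.
$post = [
    'com_name' => "O'Brien <b>admin</b>",
    'body'     => "nice post'); DROP TABLE comments; --",
];

function saveComment(PDO $pdo, array $post): int
{
    // Validate shape and length only; store the text exactly as typed.
    $name = trim((string)($post['com_name'] ?? ''));
    $body = trim((string)($post['body'] ?? ''));
    if ($name === '' || strlen($name) > 80 || $body === '' || strlen($body) > 2000) {
        throw new InvalidArgumentException('invalid comment');
    }
    // Placeholders: values travel as data and are never spliced into SQL text.
    $stmt = $pdo->prepare('INSERT INTO comments (com_name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $name, ':body' => $body]);
    return (int)$pdo->lastInsertId();
}

function e(string $s): string
{
    // HTML-encode at output time, for the HTML context only.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderComment(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT com_name, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return '<p><strong>' . e($row['com_name']) . '</strong>: ' . e($row['body']) . '</p>';
}

$id = saveComment($pdo, $post);
echo renderComment($pdo, $id), PHP_EOL;
// The table still exists and holds exactly the one stored comment.
echo 'rows: ', $pdo->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```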
 