Is mysql_real_escape_string enough for very simple database inserts?

TheOracle

New Member
Sample code:

[code]
// Value taken straight from the form post
$email = "" . $_POST['email'];
$con = mysql_connect("localhost","user","pass") or die('Could not connect to database.');
mysql_select_db("face", $con);
// Sanitization step (uses the connection opened above)
$sanitemail = mysql_real_escape_string($email);
// Is this safe?
mysql_query("INSERT INTO landing_oct_2010 (email) VALUES ('$sanitemail');");
[/code]

I'd like to know whether, for this simple task, just using [code]mysql_real_escape_string[/code] is fully sufficient to prevent at least injection-style SQL attacks, or if there's some other precaution I should take.

The fact that I'm collecting email addresses in this sample is incidental. If I know I'm working with email addresses, I would just throw in a regex and some DNS checks and there I'd have built-in validation as well. However, I'd like to focus on the general problem at hand: is the single sanitization function enough?
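An added example, not part of the question above, showing the same insert written with a mysqli prepared statement so that the e-mail value is bound separately from the SQL text instead of being escaped into it; host, user, password, database, table and column names follow the post, and the connection is assumed to use utf8mb4.

```php
<?php
// Added example (not the poster's code). Same insert as the question, but the
// value is bound as a parameter instead of being escaped into the SQL text.
// Host, user, password, database, table and column follow the original post.

$con = new mysqli("localhost", "user", "pass", "face");
if ($con->connect_error) {
    die('Could not connect to database.');
}
// Escaping and quoting rules depend on the connection character set, so set
// it explicitly on the client side rather than relying on the server default.
$con->set_charset("utf8mb4");

$email = isset($_POST['email']) ? (string) $_POST['email'] : '';

// Optional input validation, separate from injection protection: rejects
// strings that are not syntactically an e-mail address.
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    die('Invalid email address.');
}

// The statement text is fixed at prepare time; '?' is a placeholder that the
// driver fills at execute time, so the value can never alter the SQL itself.
$stmt = $con->prepare("INSERT INTO landing_oct_2010 (email) VALUES (?)");
if ($stmt === false) {
    die('Prepare failed: ' . $con->error);
}
$stmt->bind_param("s", $email);   // "s" = bind as a string
if (!$stmt->execute()) {
    die('Insert failed: ' . $stmt->error);
}
$stmt->close();
$con->close();
```

Escaping only neutralises characters inside a quoted string literal and depends on the connection's character set, so it covers this particular insert but not a value placed unquoted (a number, a LIMIT, a column name); the mysql_* functions were also deprecated in PHP 5.5 and removed in PHP 7.0, which is a further reason to move to mysqli or PDO with bound parameters.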
 