addslashes() and mysql_real_escape_string() are an equal solution to cleansing data before it's inserted in a database.

There, I've said it.

I've done quite a bit of web searching to prove this point to myself, but I'm very curious about why people swear by mysql_real_escape_string(). The only things people seem to say about mysql_real_escape_string() is that it's safer...and somehow they always fail to mention why it's safer.

Character encoding.....ok--I don't quite grasp it all. Just show me any kind of sql injection that gets by addslashes() but not mysql_real_escape_string().