Hello everyone!

I am developing a script that uses dynamically generated queries based on user input however those fields can be modified using a tool such as firebug and would like to know if someone can tell me if I am doing things the right way or if there is a way to sanitize the queries in a better way, basically for all fields in the form the values are limited so I make sure that the passed value is in an array of accepted values otherwise the query is stopped but there is a field where the user can enter text to search for and that cannot be limited to certain values the way I did with the rest of the fields so I am using mysql_real_escape_string only basically for the text field I do the following

PHP Code:
if ( $delimiters['filterword'] != null ){    
        
$delimiters['filterword'] = mysql_real_escape_string $delimiters['filterword'] );
        
$query .= $where 'title LIKE "%' $delimiters['filterword'] . '%"';
        
$query2 .= $where 'title LIKE "%' $delimiters['filterword'] . '%"';
    } 
And for the rest of the fileds where the values are limited to an expected value I do this

PHP Code:
if ( ( int ) $delimiters['lang'] != ){
        if ( 
in_array $delimiters['lang'], $expectedValuestrue ) === false )
            die ( 
$err );
        
$query .= $where $and ' language = "' $delimiters['lang'] . '"';
        
$query2 .= $where $and ' language = "' $delimiters['lang'] . '"';
    } 
Is this a good way of doing it or should I be sanitizing the data some other way?