Hai folks,

every piece of user input (ex. login) will have to go through the below two functions in my project.
how good these functions are against an sql injection?

Code:
<?php

function filter($str){

	$str=strip_tags($str);
	$str=mysql_real_escape_string($str);
	
	return $str;
}
Code:
function compare($str){
	
	$arr = array 
	("select","union","order","by","update","drop","use","group","by","insert","load_file","into","in","to","outfile","having","substr","hex","unhex","where","--","/","\'","\"");
	
	for($i=0;$i<sizeof($arr);$i++){
		 $q=strpos(strtolower($str),$arr[$i]);
		 if($q!==false){
			return true;
			exit;
		 }
	}
	return false;
}
?>