mysqli_real_escape is unnecessary in this situation - you simply validate the filename properly and then the call will be completely safe without needing to escape anything
For example:
INSERT INTO myimagetable (image_name, myimage) VALUES ('myimage.jpg', LOAD_FILE('images/myimage.jpg'));
substitutiong the filename for the image name string field and the filename including relative path for loading the image into the blob field using the LOAD_FILE mySQL function.
Retrieving it back into an image is just as easy:
SELECT myimage INTO DUMPFILE 'images/myimage.jpg' FROM myimagetable WHERE image_name = 'myimage.jpg';
The only reason you have had problems is all the unnecessary PHP file processing.