Yes, I agree that mysql_real_escape_string is not meant for sanitising and whether you use this or PDO doesn't make any difference on security as long as you use the tools properly. But yes, the old mysql extension is deprecated so it's a good idea to move to PDO or mysqli.
However, I personally dislike PHP's filter functions. While they are a good idea they are very poorly implemented. The specific filters often don't do what they should be doing, for example FILTER_SANITIZE_NUMBER_FLOAT or FILTER_SANITIZE_NUMBER_INT can result in corrupted numbers like ++++039430--23.
FILTER_SANITIZE_STRING for me doesn't make sense as it always strips html tags. I have made so many sites and online systems and I haven't come up across a single case where I would want or need to strip tags of user submitted input - with the proper escaping of output this is not necessary for security at all. However, I think FILTER_SANITIZE_STRING should be able to remove stuff like unprintable control characters or sanitize corrupted strings in multi-byte Unicode character sets - such important stuff is lacking there. I have tried these functions and have no need to touch them again, especially that in 90% they replicate what other functions are already doing. Good idea, flawed execution.
For validating/sanitizing I use:
<, >, ==
and a combination of other similar methods.