Am I saving myself from sql injections?

Am I doing this right? Will this help avoid sql injections?

$deleteid = htmlspecialchars(strip_tags(mysql_real_escape_string($_POST['listid'])));

// mysql_query is the function in the old mysql_* extension that runs a statement
mysql_query("DELETE FROM stage where listid='$deleteid'");
user342391 asked Nov 29 '22 04:11


2 Answers

No.

You should call nothing but mysql_real_escape_string.

The htmlspecialchars and strip_tags functions are used to encode strings to be displayed as HTML.
They should not be used with SQL.

SLaks answered Dec 06 '22 05:12


It may prevent SQL injection attacks, but it's a poor way to approach it. Use prepared queries instead.

Since your comment says you're systematically making changes to your whole site, go with the better approach. While you're at it, you may want to move to a non-MySQL-specific database API, in case you want to switch to another backend later.

Phil Miller answered Dec 06 '22 06:12
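The DELETE from the question rewritten as a prepared statement, as an added example that is not part of either answer. It uses PDO rather than the MySQL-specific API, which also covers the second answer's suggestion of a backend-neutral layer. The table and column names (stage, listid) come from the question; the DSN, the credentials and the assumption that listid is a positive integer are placeholders for illustration.

```php
<?php
// Added example, not code from the original question or answers.
// Assumptions: PDO with the pdo_mysql driver, a table `stage` with an
// integer column `listid`, and placeholder connection details below.

declare(strict_types=1);

function connect(): PDO
{
    // Placeholder DSN and credentials; adjust for the real environment.
    return new PDO(
        'mysql:host=localhost;dbname=app;charset=utf8mb4',
        'app_user',
        'app_password',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            // Use server-side prepares instead of client-side emulation so the
            // statement text and the parameter values are sent separately.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

function deleteStageRow(PDO $pdo, string $rawListId): int
{
    // Validate the shape of the input before it goes anywhere near SQL:
    // an id should be a positive integer. filter_var() returns false for
    // anything else ("1 OR 1=1", "abc", "", ...), so such input is rejected.
    $listId = filter_var(
        $rawListId,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($listId === false) {
        throw new InvalidArgumentException('listid must be a positive integer');
    }

    // The SQL text contains no user data; the value is bound as a parameter,
    // so there is nothing to escape and no quoting to get wrong.
    $stmt = $pdo->prepare('DELETE FROM stage WHERE listid = :listid');
    $stmt->bindValue(':listid', $listId, PDO::PARAM_INT);
    $stmt->execute();

    // Number of rows actually deleted (0 when no row has that id).
    return $stmt->rowCount();
}

$pdo = connect();
$deleted = deleteStageRow($pdo, $_POST['listid'] ?? '');
```

Note that htmlspecialchars and strip_tags do not appear at all: if listid is ever rendered back into a page, escape it with htmlspecialchars at that output point, not before storing or querying it. The mysql_* functions used in the question were removed in PHP 7.0, so the switch to PDO (or mysqli) is required on any current PHP anyway.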