If we can't use PDO or mysqli (for any reason), is this method safe for INSERT and SELECT?
<?php
// Array keys are quoted: bare id / name are undefined constants and raise warnings (fatal in PHP 8)
if (!empty($_POST['id']) && !empty($_POST['name'])) {
    require_once 'config.php';
    // SAFE INTVAL ID
    $id = intval($_POST['id']);
    $connect = mysql_connect($server, $user, $password)
        OR die(mysql_error());
    mysql_select_db($database, $connect);
    // mysql_real_escape_string() is charset-aware, so the connection charset must be set explicitly
    mysql_set_charset('utf8', $connect);
    // ESCAPING NAME (only meaningful because $name is placed inside single quotes in the query)
    $name = mysql_real_escape_string($_POST['name'], $connect);
    // `table` is a reserved word in MySQL; the placeholder name is backticked so the statement parses
    $query = "INSERT INTO `table` (id, name) VALUES ('$id', '$name')";
    $result = mysql_query($query, $connect);
    // mysql_query() returns false on failure, so the success/fail branches were inverted
    if ($result) { echo 'success'; } else { echo 'fail'; }
}
?>
Because I've read many times never to use mysql_query: is it dangerous even if we are careful and escape in time?
As per my knowledge, your query is perfectly fine. You are escaping the SQL with
mysql_real_escape_string($_POST[name])
This adds additional security to your code. The only suggestion is to use:
$_POST['name']
instead of
$_POST[name]
as it will generate a PHP warning.
Thanks.
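As an added example (not code from the question or the answer), here is the same INSERT together with the SELECT the question also asks about, written so that the mysql_* escaping approach actually holds: the connection charset is set, integers are cast, strings are escaped and quoted, LIKE wildcards are neutralised, and identifiers come from a whitelist. The config.php variables and the `users` table with `id` and `name` columns are assumptions.

```php
<?php
// Added example (not the question's or the answer's code): the same INSERT plus the SELECT
// the question also asks about, with the rules that make the mysql_* escaping approach hold:
//  - set the connection charset so mysql_real_escape_string() knows the encoding
//  - integers are cast with intval() and interpolated unquoted
//  - strings are escaped AND wrapped in single quotes (escaping without the quotes does nothing)
//  - LIKE patterns additionally escape the % and _ wildcards
//  - table and column names cannot be escaped, so they come from a fixed whitelist
// Assumed: config.php defines $server, $user, $password, $database, and a `users` table
// with columns (id INT, name VARCHAR) exists; both names are assumptions.
require_once 'config.php';
$connect = mysql_connect($server, $user, $password) or die(mysql_error());
mysql_select_db($database, $connect) or die(mysql_error());
mysql_set_charset('utf8', $connect);   // escaping is charset-dependent; never leave it implicit

/** Escape $value for use inside a single-quoted SQL literal and return it already quoted. */
function sql_str($value, $connect) {
    return "'" . mysql_real_escape_string((string) $value, $connect) . "'";
}

/** Escape $value for a LIKE pattern: % and _ are wildcards that sql_str() alone leaves active. */
function sql_like($value, $connect) {
    $escaped = mysql_real_escape_string((string) $value, $connect);
    return "'%" . str_replace(array('%', '_'), array('\\%', '\\_'), $escaped) . "%'";
}

/** Identifiers are never escaped; only names from a fixed list may reach the query. */
function sql_ident($name, array $allowed) {
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown identifier');
    }
    return "`$name`";
}

if (!empty($_POST['id']) && !empty($_POST['name'])) {
    $id   = intval($_POST['id']);               // numeric column: cast, no quoting needed
    $name = sql_str($_POST['name'], $connect);  // string column: escaped and quoted

    $result = mysql_query("INSERT INTO `users` (`id`, `name`) VALUES ($id, $name)", $connect);
    echo $result ? 'success' : 'fail';          // mysql_query() returns false on failure

    // SELECT: a user-chosen sort column is only accepted from the whitelist
    $order  = sql_ident(isset($_GET['sort']) ? $_GET['sort'] : 'id', array('id', 'name'));
    $select = "SELECT `id`, `name` FROM `users` WHERE `name` LIKE "
            . sql_like($_POST['name'], $connect) . " ORDER BY $order";
    $rows = mysql_query($select, $connect);
    while ($rows && ($row = mysql_fetch_assoc($rows))) {
        echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";  // escape on output as well
    }
}
```

The escaping only protects values placed inside quoted string literals; anything interpolated elsewhere (numbers, identifiers, LIKE patterns) needs its own rule, which is why prepared statements are the usual recommendation where mysqli or PDO is available.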