Channel: Spiceworks Community

Allow special characters in form's textarea after submit


It's a suggestion in the same way that wearing a seat belt is a suggestion. SQL Injection is the #1 web attack and these days the first approach, so if your software is going to be web-facing at all, then you need to escape everything. You can use intval() for numbers instead if you don't wish to convert type.

Something "easier" may be prepared statements. You'll have to use MySQLi or PDO instead. MySQLi is easier to deal with in my opinion; it's just a PHP extension, and it still uses the same version of MySQL you have now, so no software changes are required.

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
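
The prepared-statement approach recommended in the post above, as an added example that is not part of the original post: it stores textarea text containing quotes, backslashes and newlines through MySQLi placeholders and reads it back unchanged. The host, credentials, database name, `comments` table and field names are assumptions for illustration.

```php
<?php
// Added example; not code from the thread. Host, credentials, database,
// table and field names are placeholders (assumptions).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

$db->query(
    'CREATE TABLE IF NOT EXISTS comments (
        id INT AUTO_INCREMENT PRIMARY KEY,
        ticket_id INT NOT NULL,
        body TEXT NOT NULL
    )'
);

// Constructed sample input standing in for the submitted form ($_POST).
$post = [
    'ticket_id' => '42',
    'body'      => "It's 100% \"done\"; see C:\\temp -- O'Brien\nline two",
];

// Numbers: validate rather than silently cast, and reject anything else.
$ticketId = filter_var($post['ticket_id'], FILTER_VALIDATE_INT);
if ($ticketId === false) {
    http_response_code(400);
    exit('ticket_id must be an integer');
}
$body = $post['body']; // stored as typed: no addslashes(), no manual escaping

// The ? placeholders keep the data out of the SQL text entirely.
$insert = $db->prepare('INSERT INTO comments (ticket_id, body) VALUES (?, ?)');
$insert->bind_param('is', $ticketId, $body); // i = integer, s = string
$insert->execute();
$newId = $db->insert_id;
$insert->close();

// Read the row back with a second prepared statement.
$select = $db->prepare('SELECT body FROM comments WHERE id = ?');
$select->bind_param('i', $newId);
$select->execute();
$select->bind_result($stored);
$select->fetch();
$select->close();

// True when the special characters survived the round trip unmodified.
var_dump($stored === $body);
```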

