what are the best methods for preventing MYSQL injection. I am currently using mysql_real_escape_string however when I look within my database it still excepts all the characters I inputted.
You're already preventing SQL injection using the best method available for PHP, mysql_real_escape_string. Your understanding of what it does just needs adjusting . The idea is not to omit the characters that can be used maliciously, but to escape them with a backslash. So they lose their potential to be used this way and are rendered simply as text. It's when you're not seeing the text in the database that you need to start worrying.
Another option, although a bit more heavyweight, is to use an db layer for your db connectivity. Doctrine or Propel ORM will provide you with a wrapper to your database and manage all the escaping automatically. Then there's no need to worry about it in each read/write request to the db.
mysql_real_escape_string is the good method for preventing SQL injection. If you want to learn new things to prevent SQL injection then user PDO. Check here for PDO introduction and basic startup notes best of luck with PDO..
sorry for my bad english but the best way to prevent mysql injection is to check the data you expect for example if you expect that the user will input number check if it number .