Vulnerability Development mailing list archives

Is this PHP code secure from CSS ?


From: "kha" <kha.kha () laposte net>
Date: Fri, 26 Sep 2003 17:21:33 +0200

Hi,

I've got an intranet website (apache/php/mysql) on which I use this PHP code
for the admin authentication:

$login = mysql_escape_string($post-login);
$password = mysql_escape_string($post-password);

$lines = performQuery("select id from users where name='$login' and
pass='$password'");

Do I need only the mysql_escape_string function to prevent SQL injections in
the form, or should I perform other checks?

NB: passwords are not yet encrypted in the database.

Thanks in advance,

Mathieu.
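
Added example (not part of the original post): the login check from the message above, written with a bound parameter instead of mysql_escape_string and with the password stored as a hash, since the post notes that passwords are not yet encrypted. It uses PDO with an in-memory SQLite table so that it runs stand-alone; the authenticate() helper, the sample account and the SQLite DSN are assumptions, and on an apache/php/mysql setup the PDO connection line would point at MySQL instead.

```php
<?php
// Constructed in-memory table standing in for the post's `users` table
// (same columns: id, name, pass). Assumption: pdo_sqlite is available.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pass TEXT)');

// Store a salted hash in `pass`, never the password itself.
$ins = $db->prepare('INSERT INTO users (name, pass) VALUES (:name, :pass)');
$ins->execute([
    ':name' => 'admin',                                              // constructed sample account
    ':pass' => password_hash('constructed-sample-pw', PASSWORD_DEFAULT),
]);

// Hypothetical helper: returns the user id on success, null otherwise.
function authenticate(PDO $db, $login, $password): ?int
{
    // Form fields can arrive as arrays (login[]=x); accept plain strings only.
    if (!is_string($login) || !is_string($password)) {
        return null;
    }

    // The placeholder keeps user input out of the SQL text entirely,
    // so no escaping function (and no charset assumption) is involved.
    $stmt = $db->prepare('SELECT id, pass FROM users WHERE name = :name');
    $stmt->execute([':name' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password is checked against the stored hash in PHP,
    // not compared inside the WHERE clause.
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed inputs: a valid login, a name containing a quote character,
// a wrong password, and a non-string field.
var_dump(authenticate($db, 'admin', 'constructed-sample-pw'));
var_dump(authenticate($db, "admin'x", 'constructed-sample-pw'));
var_dump(authenticate($db, 'admin', 'wrong-pw'));
var_dump(authenticate($db, ['admin'], 'constructed-sample-pw'));
```

Only the first call returns an id; the other three return null, and the quote in the second input reaches the database as data rather than as SQL.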



