php security mysql-real-escape-string

Is this the right way to escape multiple fields?


I have just hired someone to build a secure form, and pasted below is a snippet of a larger piece of code:

        $_POST = escape_all($_POST);

        $some1 = $_POST['some1'];
        $some2 = $_POST['some2'];
        $some3 = $_POST['some3'];
        $some4 = $_POST['some4'];
        $some5 = $_POST['some5'];
        $some6 = $_POST['some6'];
        $some7 = $_POST['some7'];
        $some8 = $_POST['some8'];

Is that the right way, or should I add mysql_real_escape_string() to all of the variables?


Solution

  • That looks like he's written a custom function to escape. As long as that escape_all function is calling mysql_real_escape_string, it will technically work, although I wouldn't say it's the preferred solution for a few reasons.

    Firstly, you'll want to be careful that you aren't escaping anywhere else, as it can easily lead to double escaping, which can cause other problems.

    Also, you can end up escaping a whole lot of data that doesn't need to be escaped depending on the situation, if performance is a concern.

    And yes, using mysqli instead of mysql is generally preferable.
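As an added example (not code from the question or the answer), the block below shows a plausible escape_all() of the kind the question describes, the double-escaping trap the answer warns about, and the mysqli prepared-statement alternative that needs no manual escaping. The mysqli connection $db and a users table with a name column are assumptions.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumes an open mysqli connection in $db and a table `users` (name VARCHAR).

// A plausible shape for the contractor's escape_all(): walk $_POST and run
// every string through the connection's real_escape_string().
function escape_all(mysqli $db, array $input): array
{
    foreach ($input as $key => $value) {
        $input[$key] = is_array($value)
            ? escape_all($db, $value)
            : $db->real_escape_string((string) $value);
    }
    return $input;
}

// Constructed input: a value containing a single quote.
$post = ['name' => "O'Brien"];

// 1) Escape once and inline into SQL. This works, but only as long as
//    nothing else in the code path escapes the same value again.
$escaped = escape_all($db, $post);
$sql = "INSERT INTO users (name) VALUES ('{$escaped['name']}')"; // O\'Brien

// 2) The double-escaping trap: escaping the already escaped value yields
//    O\\\'Brien, so the database ends up storing a literal O\'Brien.
$twice = $db->real_escape_string($escaped['name']);

// 3) Preferred: a mysqli prepared statement. The raw $_POST value is bound
//    as data and never interpreted as SQL, so no escaping step is needed
//    and there is nothing to double-escape.
$stmt = $db->prepare('INSERT INTO users (name) VALUES (?)');
$stmt->bind_param('s', $post['name']);
$stmt->execute();
```

With the prepared statement the stored value is exactly O'Brien, regardless of how many layers of the application touched the input.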