mysqli_real_escape_string Clarification

mysqli_real_escape_string Clarification

I started building a website a while ago and I kept hearing more and more
about using mysqli_real_escape_string, however even though I know How to
use it, I'm unsure of exactly when to use it. From what I can see I should
only really need to use it when the user Inputs something into my website?
At the moment I'm using a lot of jquery.post to send data between pages,
some of which has been taken from the database already and some is from
user inputs, so is it correct to escape everything that is passed or just
what users add?