Should mysql_real_escape to escape the variables be used for all the queries to the database?
Yes, always escape variables you pass into queries.
Even better, use PDO:
<?php
/* Execute a prepared statement by binding PHP variables */
$calories = 150;
$colour = 'red';
$sth = $dbh->prepare('SELECT name, colour, calories
FROM fruit
WHERE calories < :calories AND colour = :colour');
$sth->bindParam(':calories', $calories, PDO::PARAM_INT);
$sth->bindParam(':colour', $colour, PDO::PARAM_STR, 12);
$sth->execute();
?>
This way you don't need to deal with escaping (unless you have queries that require special care).
But if you insist on using the MySQL extension, then use mysql_real_escape_string().
Yes, you should escape all variables for security reasons. Escaping numbers, etc. does not change anything, so there is no problem in escaping them, too. You should escape everything, since you might accidentally miss a variable otherwise. I suggest using PHP's mysql_real_escape_string() function or PDO's prepared statements.
Should you always secure query arguments? Yes.
Should you always use mysql_real_escape_string for it? No.
If you're not going to use prepared statements, consider using mysqli_real_escape_string (mind the i for improved) to encode strings that contain NUL (ASCII 0), \n, \r, \, ', ", and Control-Z. Additional precautions might be necessary though.
MySQLi is the actively developed MySQL extension nowadays. The old MySQL extension only gets occasional bugfixes and has not been actively developed for quite some time now.
See these two tutorials at DevZone (but also note that both articles are ancient by internet standards)
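As an added illustration (not code from any of the answers above), the following shows the three approaches side by side with the mysqli extension: escaping a quoted string value, the "additional precaution" that escaping cannot provide for an unquoted numeric value, and a prepared statement that needs neither. It assumes a table `fruit` with the columns used in the PDO example above and placeholder connection credentials.

```php
<?php
// Added example, not part of the original answers. Assumes a `fruit` table
// (name VARCHAR, colour VARCHAR, calories INT); host/user/password/db are placeholders.
$mysqli = new mysqli('localhost', 'user', 'password', 'shop');
$mysqli->set_charset('utf8mb4'); // real_escape_string() depends on the connection charset

$colour   = $_GET['colour']   ?? 'red'; // untrusted input
$calories = $_GET['calories'] ?? '150'; // untrusted input, always arrives as a string

// 1. Escaping a quoted string. real_escape_string() encodes NUL, \n, \r, \, ', "
//    and Control-Z, so this is safe only because the value sits inside quotes.
$safeColour = $mysqli->real_escape_string($colour);
$sql1 = "SELECT name FROM fruit WHERE colour = '$safeColour'";

// 2. Escaping does nothing for an unquoted number: an input such as "0 OR 1=1"
//    contains none of the escaped characters, so it passes through unchanged and
//    becomes part of the WHERE clause. Validate or cast numeric input instead.
$calInt = filter_var($calories, FILTER_VALIDATE_INT);
if ($calInt === false) {
    http_response_code(400);
    exit('calories must be an integer');
}
$sql2 = "SELECT name FROM fruit WHERE calories < $calInt";

// 3. Prepared statement: values never become part of the SQL text, so there is
//    nothing to escape or quote, and the integer is bound as an integer.
$stmt = $mysqli->prepare('SELECT name FROM fruit WHERE calories < ? AND colour = ?');
$stmt->bind_param('is', $calInt, $colour); // i = integer, s = string
$stmt->execute();
$stmt->bind_result($name);
while ($stmt->fetch()) {
    echo $name, "\n";
}
$stmt->close();
```

The first two queries are built but only shown here; the point of `$sql2` is that the integer check, not escaping, is what keeps the unquoted value safe. The prepared statement is the form that removes the quoting question entirely, which is why the PDO answer above recommends it.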