How much safe is an input after passing through this function?
Is it 100% safe?
$id = $_POST['id'];
$id = mysql_real_escape_string($id);
The best way is not mixing SQL with user-provided data at all by using prepared statements.
In your case (assuming id is a number), simply use $id = intval($_POST['id']);. With a plain integer you cannot inject anything. You don't even need mysql_real_escape_string() n that case.
For string arguments, using mysql_real_escape_string() is sufficient - but never forget to single-quote the argument in the SQL string!
It is not safe.
It has nothing to do with safety at all