Per the docs:
Security: the default character set
The character set must be set either at the server level, or with the API function mysqli_set_charset() for it to affect mysqli_real_escape_string(). See the concepts section on character sets for more information.
And therein lies the reason for having the connection: how to escape your string depends on the server’s character set.
solved What is the purpose of $connect in mysqli_real_escape_string($connect, $username)? [closed]