The sql injection will work only when my query looks like below sample

SELECT * FROM login WHERE id = $my_id_va;

Assume if my query is

SELECT * FROM login WHERE id = $my_id_va ORDER BY id DESC

Than I will get following error

#1064 – You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘order by id desc’ at line 1

So, this 1 or 1=1; SHOW TABLES will not work, correct?

My site was hacked successively many times.

I want one quick answer: When my query looks like the following one, what ways or which types of query can they use to hack my site?

SELECT * FROM login WHERE id = $my_id_va ORDER BY id DESC

What are the ways to execute the show table in the following query

SELECT * FROM login WHERE id = $my_id_va ORDER BY id DESC

I am also using escaping function to handle the query string values, like mysql_real_escape_string($my_id_va). Yes, obviously this for single related hack, but not sure.

Added some more

SELECT EventActuallyCharged, EventDate FROM tblevent WHERE EventDate between '2011-07-21 or 1=1; SHOW TABLES --' and '2011-07-31' ORDER BY EventDate DESC

but show table not worked