Actually, performance varies based upon various conditions. Typically mysqli seems to perform about the same as mysql, but if you use Prepared Statements, you don't have to escape values, and there is a definite speed increase in MySQLi over MySQL.
Additionally, MySQLi only auto-escapes strings used in a Prepared Statement. You still need to use mysqli_real_escape_string to sanitize your data otherwise:
http://www.php.net/manual/en/function.mysqli-real-escape-string.php
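
The two paths contrasted in the post above, side by side, as an added example that is not part of the original post. The connection parameters, the temporary `users` table, and the function names `find_prepared` and `find_escaped` are assumptions made for illustration.

```php
<?php
// Added example: connection details and the `users` table are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors

// Prepared statement: the value is bound to the ? placeholder and sent
// separately from the SQL text, so no escaping call is needed.
function find_prepared(mysqli $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->bind_param('s', $name);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // requires mysqlnd
    return array_column($rows, 'name');
}

// Plain query: the value becomes part of the SQL text, so it has to be
// escaped AND placed inside quotes. Escaping only protects values inside a
// quoted string literal, not bare numbers or identifiers.
function find_escaped(mysqli $db, string $name): array
{
    $safe = $db->real_escape_string($name);
    $sql  = "SELECT name FROM users WHERE name = '" . $safe . "'";
    $rows = $db->query($sql)->fetch_all(MYSQLI_ASSOC);
    return array_column($rows, 'name');
}

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
// real_escape_string honours the connection character set, so set it first.
$db->set_charset('utf8mb4');

// Constructed sample data in a temporary table, dropped when the session ends.
$db->query('CREATE TEMPORARY TABLE users (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(64))');
$db->query("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

$input = "O'Brien"; // constructed input containing a quote character

// Both paths treat the quote as data and return the same row.
var_dump(find_prepared($db, $input));
var_dump(find_escaped($db, $input));
var_dump(find_prepared($db, $input) === find_escaped($db, $input));
```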