Very cool mod.
mysqli is definitely an improvement in many areas, and it will be much more common once apps are pushed to PHP5. mysqli_real_escape_string is a great security feature. The question, of course, that you are trying to answer is: is it effective given X-Cart's code bloat?
