why can't I used the mysqli_escape_string function without having a database connection?
From the documentation:
Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection
It has to have a connection so that it knows what charset the database is using so it can use the right rules for escaping the data.