How do I handle single quotes inside a SQL query in PHP?

Question

I am using a particular query for inserting records. It is going well. I am even fetching records with a select query. But my problem is that, if the record contains single

Answer 1

use http://www.php.net/manual/en/function.mysql-real-escape-string.php function on your string to quote "'" and other special symbols Other way to prevent injection - use different connections (login-passwords) with different rights for inserting and selecting. In this case mysql_real_escape_string wi9ll work good