single quotes in SQL Query

半阙折子戏 2020-12-20 10:26

I'm writing a PHP script that is used to update a database, but it is giving errors: when I try to run the query, it returns an error along the lines of

You h         


        
5 answers
  •  陌清茗 (OP)
    2020-12-20 10:44

    As you are using the DB API directly (no DB abstraction level), the best solution is to use the DB escape function.

    Just use mysql_real_escape_string().

    
    

    As a bonus, you'll get really improved security against the SQL injection attacks your previous code was prone to.

    In case you would simply escape slashes you have, again, to use PHP/MySQL functions; addslashes() will do the job in this case.
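
An added example, not part of the answer above: it shows why a single quote in a value breaks a concatenated UPDATE, and the same update done with PDO prepared statements instead of the escape function the answer recommends (the `mysql_*` functions were removed in PHP 7.0). The `users` table, its columns and the sample values are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table/column names and sample values are constructed.
// An in-memory SQLite database stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, surname TEXT)');
$pdo->exec("INSERT INTO users (id, surname) VALUES (1, 'Smith'), (2, 'Jones')");

$surname = "O'Brien";   // constructed input containing a single quote
$id = 1;

// Before: the value is pasted into the SQL text, so its quote ends the
// string literal early and the statement no longer parses.
try {
    $pdo->exec("UPDATE users SET surname = '$surname' WHERE id = $id");
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// After: the SQL text holds only placeholders; the values travel separately
// and are never parsed as SQL, so no escaping is needed.
$stmt = $pdo->prepare('UPDATE users SET surname = :surname WHERE id = :id');
$stmt->execute([':surname' => $surname, ':id' => $id]);
echo "rows updated: ", $stmt->rowCount(), "\n";

// Read the row back to confirm the quote was stored as data.
$check = $pdo->prepare('SELECT surname FROM users WHERE id = :id');
$check->execute([':id' => $id]);
echo "stored value: ", $check->fetchColumn(), "\n";
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the placeholders and `execute()` calls stay the same.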
