On Mon, Mar 18, 2013 at 2:19 PM, Sebastian Krebs <krebs.seb@xxxxxxxxx> wrote:

> 2013/3/18 Ken Robinson <kenrbnsn@xxxxxxxxx>
>
> > On 18.03.2013 09:10, Norah Jones wrote:
> >
> >> I have a string which has a few ' (single quotes) and a few "
> >> (double quotes) and was not able to insert it into the mysql database. I
> >> have replaced them with \' and \" and everything is fine.
> >> Though these are fine now, I don't understand the working and I could
> >> have missed a few corner cases also. Please suggest the working and also
> >> if there is some better way to achieve this.
> >
> > You should be using either mysql_real_escape_string or
> > mysqli_real_escape_string (preferably the latter) depending on how you're
> > accessing the DB.
>
> You shouldn't use ext/mysql at all!
> Use prepared statements with PDO_MYSQL or MySQLi

And here comes the flame war again...
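
The prepared-statement approach suggested in the thread, as an added example that is not part of the original messages: it stores strings containing quotes and other corner cases through bound parameters and checks that each one reads back unchanged. The table name, column names, sample strings and the in-memory SQLite connection (used so the script runs offline) are assumptions.

```php
<?php
// Added example: constructed inputs, hypothetical table and column names.
// Uses an in-memory SQLite database so it runs offline. For MySQL only the
// connection changes, e.g. (placeholder host, database and credentials):
//   new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass)
// plus PDO::ATTR_EMULATE_PREPARES => false for server-side prepares.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Constructed strings: the quotes from the question plus corner cases that
// hand-written replacement rules tend to miss.
$samples = [
    'It\'s a "quoted" string',
    'trailing backslash \\',
    "line one\nline two",
    "'); DROP TABLE notes; --",
    'naïve café ’curly’ quotes',
];

// The SQL text is fixed; values travel separately as bound parameters, so
// their content is never parsed as SQL and needs no manual escaping.
$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$select = $pdo->prepare('SELECT body FROM notes WHERE id = :id');

// Insert one value and report whether it is stored byte-for-byte.
function roundTrips(PDO $pdo, PDOStatement $insert, PDOStatement $select, string $value): bool
{
    $insert->execute([':body' => $value]);
    $select->execute([':id' => (int) $pdo->lastInsertId()]);
    $stored = $select->fetchColumn();
    $select->closeCursor();
    return $stored === $value;
}

foreach ($samples as $sample) {
    $ok = roundTrips($pdo, $insert, $select, $sample);
    printf("%-4s %s\n", $ok ? 'ok' : 'FAIL', json_encode($sample));
}

// The table is still present and holds one row per sample.
$count = (int) $pdo->query('SELECT COUNT(*) FROM notes')->fetchColumn();
printf("rows stored: %d\n", $count);
```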