mysql_real_escape_string
(PHP 4 >= 4.3.0)
mysql_real_escape_string -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection.Description
string mysql_real_escape_string ( string unescaped_string [, resource link_identifier])This function will escape special characters in the unescaped_string, taking into account the current charset of the connection so that it is safe to place it in a mysql_query().
Note: mysql_real_escape_string() does not escape % and _.
See also mysql_escape_string() and mysql_character_set_name().