What is the best way to escape strings for SQL inserts, updates?
I want to allow special characters including ' and ". Is the best way to search and replace each string before I use it in an insert statement?
Thanks
Duplicate of: http://stackoverflow.com/questions/568995/best-way-to-defend-against-mysql-injection-and-cross-site-scripting
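An added example, not part of the original question: it compares the search-and-replace approach the question proposes with bound parameters, on values containing ' and ". Python's `sqlite3` module stands in for the database (an assumption, since the question names no language or database), and the `notes` table, the sample values and all function names are hypothetical.

```python
import sqlite3

# Constructed sample values containing the characters the question asks about.
SAMPLES = ["O'Brien", 'She said "hi"', "back\\slash and 'both' \"quotes\""]

def naive_escape(value):
    # Hand-rolled search and replace (backslash style). Whether this is
    # correct depends on the database dialect and server settings.
    return value.replace("'", "\\'")

def insert_naive(conn, value):
    # String-built statement: data and SQL text share one string.
    conn.execute("INSERT INTO notes (body) VALUES ('" + naive_escape(value) + "')")

def insert_bound(conn, value):
    # Placeholder: the driver passes the value separately from the SQL text,
    # so quotes in the value are never parsed as SQL.
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))

def update_bound(conn, row_id, value):
    # Updates use placeholders the same way, for the value and the key.
    conn.execute("UPDATE notes SET body = ? WHERE id = ?", (value, row_id))

def round_trip(insert, values):
    """Run one insert strategy; return (stored_rows, values_that_failed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    failures = []
    for v in values:
        try:
            insert(conn, v)
        except sqlite3.Error:
            # The statement no longer parses: SQLite does not treat
            # backslash as an escape character inside string literals.
            failures.append(v)
    stored = [r[0] for r in conn.execute("SELECT body FROM notes ORDER BY id")]
    conn.close()
    return stored, failures

if __name__ == "__main__":
    for name, fn in (("naive", insert_naive), ("bound", insert_bound)):
        stored, failures = round_trip(fn, SAMPLES)
        print(name, "stored:", stored, "failed:", failures)
```

The placeholder marker depends on the driver: `sqlite3` uses `?`, while Python's MySQL drivers use `%s`.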