I want to escape ‘ and “. I can’t figure out how to do this.
I guess the easiest way is to just add a to them, but how to do that?
BTW this is to stop some innocent SQL injection on my site.
You can use the function addslashes() to escape all of the ” and ‘ characters.
The proper way to prevent SQL injection is to use parameterised queries.
also try this
<?php $value = stripslashes($value); // to strip the slash. $value = mysql_real_escape_string($value); // to add slash. ?>