(PHP 4 >= 4.3.0)
mysql_real_escape_string -- Escapes special characters in a string for use in a SQL statement, taking into account the current charset of the connection.This function will escape special characters in the unescaped_string, taking into account the current charset of the connection so that it is safe to place it in a mysql_query().
Note: mysql_real_escape_string() does not escape % and _.
See also mysql_escape_string() and mysql_character_set_name().