Assuming that you're using MySQL, you can avoid it by sanitizing your database inputs with the mysql_real_escape_string() function. A similar function exists for the MySQLi extension. Take the following code for example:
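// mysql_real_escape_string() needs an open mysql_connect() link.
// The ext/mysql API it belongs to was removed in PHP 7.
$chat = "what's your name?";
$sanitizedchat = mysql_real_escape_string($chat);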
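
The MySQLi counterpart mentioned above, as an added example that is not part of the original post: it escapes the same $chat value with real_escape_string() and, going one step beyond the post, inserts it again through a prepared statement. The host, credentials, database name and the chat_log table are assumptions made for the example.

```php
<?php
// Added example. Host, credentials, database and the chat_log table are
// hypothetical placeholders; point them at a test MySQL server.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('127.0.0.1', 'app_user', 'app_password', 'chat_demo');
// Escaping depends on the connection character set, so set it first.
$db->set_charset('utf8mb4');

$db->query('CREATE TABLE IF NOT EXISTS chat_log (
    id INT AUTO_INCREMENT PRIMARY KEY,
    message TEXT NOT NULL
)');

$chat = "what's your name?";

// 1) MySQLi counterpart of mysql_real_escape_string(). The escaped value is
//    only safe when it is placed inside a quoted string literal in the SQL.
$sanitizedchat = $db->real_escape_string($chat);
$db->query("INSERT INTO chat_log (message) VALUES ('$sanitizedchat')");

// 2) Prepared statement: the value travels separately from the SQL text,
//    so no escaping step is needed for it.
$stmt = $db->prepare('INSERT INTO chat_log (message) VALUES (?)');
$stmt->bind_param('s', $chat);
$stmt->execute();
$stmt->close();

// Read back the two rows just written to compare what was stored.
$result = $db->query('SELECT id, message FROM chat_log ORDER BY id DESC LIMIT 2');
while ($row = $result->fetch_assoc()) {
    printf("%d: %s\n", $row['id'], $row['message']);
}
$db->close();
```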