Apostrophes can be a pain while sending sql update queries in from php when there's a non-matching "'" inside the string. What is the best practice to overcome this problem?
Thanks
I think the best practice is to use prepared statements, but you can use the addslashes($string) and stripslashes($string) functions too.
PDO:
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(array(':username' => $_GET['username']));
MySQLi:
$query = $mysqli->prepare('SELECT * FROM users WHERE username = s');
$query->bind_param('s', $_GET['username']);
These extensions have built-in functions for creating prepared queries which let you use quotes and apostrophes without any problems.