Tags: drupal, drupal-6, drupal-fapi

Drupal SQL injection prevention and apostrophe handling in forms


In typical PHP applications I used to use mysql_real_escape_string before I did SQL inserts. However, I am unable to do that in Drupal, so I would need some assistance. And without any sort of function like that, user input with apostrophes is breaking my code.

Please suggest.

Thank You

My SQL is as follows:

// Both values are interpolated straight into the SQL string, so an apostrophe
// in $field1 or $field2 terminates the literal early and breaks (or alters) the query.
$sql = "INSERT INTO some_table (field1, field2) VALUES ('$field1', '$field2')";

db_query($sql);


Solution

  • Wrap your table name in {}.

    Also, use the proper placeholder syntax for insertion, like %d for numbers and %s for strings.

    Here is the function API page:

    http://api.drupal.org/api/function/db_query/6

    Note that it takes additional arguments.

    Example:

    db_query("INSERT INTO {tablename} (field1, field2) VALUES ('%s', '%s')", $field1, $field2);
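The answer above shows the one-line fix; the following is an added example, not code from the question or the answer, showing how the same rules look in a complete Drupal 6 module: a schema so that {} table wrapping works, a Form API form, and a submit handler that inserts through db_query() placeholders, plus two read paths that cover the edge cases practitioners usually hit next (a literal % in a LIKE clause, and an IN list built with db_placeholders()). The module name example_notes, its table and column names, and the function names are assumptions made for illustration; db_query(), db_escape_string(), db_last_insert_id(), db_placeholders(), db_fetch_object(), drupal_install_schema() and drupal_uninstall_schema() are the Drupal 6 core functions.

```php
<?php
// Added example, not from the original question or answer. Hypothetical module
// "example_notes" for Drupal 6; table, column and function names are assumptions.

// example_notes.install: define the table so db_query() can wrap its name in {}
// and apply any configured table prefix.
function example_notes_schema() {
  $schema['example_notes'] = array(
    'fields' => array(
      'id'     => array('type' => 'serial', 'not null' => TRUE),
      'uid'    => array('type' => 'int', 'not null' => TRUE, 'default' => 0),
      'field1' => array('type' => 'varchar', 'length' => 255, 'not null' => TRUE, 'default' => ''),
      'field2' => array('type' => 'text', 'not null' => FALSE),
    ),
    'primary key' => array('id'),
  );
  return $schema;
}

function example_notes_install() {
  drupal_install_schema('example_notes');
}

function example_notes_uninstall() {
  drupal_uninstall_schema('example_notes');
}

// example_notes.module: the form whose values end up in the INSERT.
function example_notes_form(&$form_state) {
  $form['field1'] = array(
    '#type' => 'textfield',
    '#title' => t('Field 1'),
    '#maxlength' => 255,
    '#required' => TRUE,
  );
  $form['field2'] = array(
    '#type' => 'textarea',
    '#title' => t('Field 2'),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}

// Submit handler: every user-supplied value goes through a placeholder.
// '%s' is run through db_escape_string() (mysql_real_escape_string() on the
// MySQL driver) and must be quoted in the SQL; %d is cast to an integer and
// must NOT be quoted. An apostrophe in field1 therefore reaches the database as
// data (O'Brien is sent as 'O\'Brien') instead of terminating the literal.
function example_notes_form_submit($form, &$form_state) {
  global $user;
  $values = $form_state['values'];

  db_query("INSERT INTO {example_notes} (uid, field1, field2) VALUES (%d, '%s', '%s')",
    $user->uid, $values['field1'], $values['field2']);

  // db_last_insert_id() takes the unprefixed table name and the serial column.
  $id = db_last_insert_id('example_notes', 'id');
  drupal_set_message(t('Saved note %id.', array('%id' => $id)));
}

// Reading back with LIKE: a literal % in the query text must be written as %%
// so db_query() does not treat it as a placeholder, and a user-supplied prefix
// still needs its own LIKE wildcards escaped before it is passed as an argument
// (db_escape_string() protects the quotes, not the LIKE metacharacters).
function example_notes_search($prefix) {
  $pattern = strtr($prefix, array('%' => '\%', '_' => '\_')) . '%';
  $result = db_query("SELECT id, field1 FROM {example_notes} WHERE field1 LIKE '%s' ORDER BY id", $pattern);
  $rows = array();
  while ($row = db_fetch_object($result)) {
    $rows[$row->id] = $row->field1;
  }
  return $rows;
}

// Loading several ids: db_placeholders() expands to "%d, %d, ..." so the IN
// list stays parameterised instead of being imploded from raw input.
function example_notes_load_multiple(array $ids) {
  $ids = array_map('intval', $ids);
  $result = db_query("SELECT * FROM {example_notes} WHERE id IN (" . db_placeholders($ids, 'int') . ")", $ids);
  $notes = array();
  while ($note = db_fetch_object($result)) {
    $notes[$note->id] = $note;
  }
  return $notes;
}
```

Two caveats worth keeping in mind: placeholders only cover values, so a table or column name taken from user input can never be passed through %s (restrict it to a whitelist instead), and the escaping is done for the configured driver, so the same module works unchanged on MySQL and PostgreSQL only if you stick to single-quoted '%s' literals rather than double quotes.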