I'm trying to run update query on some text fields by setting the column name in the table equal to a string variable. This works fine until i come across a string variable that consists of characters such as " ' , which conflict with the sql syntax. How can one tell php to overlook these characters in the string so that the query can be executed successfully?...surrounding the string with opposing quotations does not work because there could be multiple instances of single and double quotes. What these string variables are, are user submitted form information that gets saved into a database. So proper grammer such as using a word like "wasn't", or just a simple comma "," throws off the sql syntax...is there a way to avoid this issue?