Escapes a string so it is ready to be used in a SQL query. Specifically, this function doubles single quotes (') or prepends a backslash (\) to them.
string db_escape_string(string str)
NOTE: This is a SQL function. See Database support for more information.
The function returns the escaped string.
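// Escape the single quote in the string so it can be used in a SQL query
$item = db_escape_string("That's all");
// Note: $item is only the escaped value, not a full statement; a real call embeds it in a quoted literal of the query text
$res = db_query($item);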
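The two escaping styles named above are not interchangeable: the style has to match what the database backend accepts. The following added example (not code from the original page, and not the implementation of db_escape_string) shows this using Python's sqlite3 module as a stand-in backend, which accepts doubled quotes and treats a backslash as an ordinary character. The helper names, the items table and the sample row are assumptions constructed for the illustration.

```python
import sqlite3

def escape_doubling(s):
    """Quote-doubling style: ' becomes ''."""
    return s.replace("'", "''")

def escape_backslash(s):
    """Backslash style: \\ becomes \\\\ first, then ' becomes \\'."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def lookup(conn, literal):
    """Embed an already-escaped value inside a quoted SQL literal and run it."""
    sql = "SELECT note FROM items WHERE note = '" + literal + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # The statement did not parse: the quote ended the literal early.
        return "error: " + type(exc).__name__

def demo():
    # Constructed sample data: one row containing a single quote.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (note TEXT)")
    conn.execute("INSERT INTO items VALUES (?)", ("That's all",))
    value = "That's all"
    results = {
        # No escaping: the quote terminates the literal and the query breaks.
        "raw": lookup(conn, value),
        # Doubling matches this backend, so the row is found.
        "doubled": lookup(conn, escape_doubling(value)),
        # Backslash style does not match this backend: the quote still
        # terminates the literal, exactly as in the unescaped case.
        "backslash": lookup(conn, escape_backslash(value)),
        # Bound parameter: the value never becomes part of the SQL text.
        "bound": [row[0] for row in conn.execute(
            "SELECT note FROM items WHERE note = ?", (value,))],
    }
    conn.close()
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Escaping of this kind only protects a value that is placed inside a quoted literal; where the database interface offers bound parameters, as in the last case, the value does not need escaping at all.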