Copying information in a MySQL table with an apostrophe

I have a web site set up where I allow users to share(copy) information with each other. If one user has something stored that has an apostrophe, it messes up the copying process. How can this be fixed?

The php code looks like this.


$results = mysql_query("SELECT * FROM questions WHERE user = '$shareduserName' AND subject = '$subject' AND topic = '$topic'");
mysql_query("INSERT INTO topics (userid, subject, topic) VALUES ('$user', '$mysubject', '$mytopic')");

while ($row = mysql_fetch_array($results)) {
$question = $row['question'];
$answer = $row['answer'];


mysql_query("INSERT INTO questions (user, subject, topic, question, answer, ordernum) VALUES ('$user', '$mysubject', '$mytopic', '$question', '$answer', $count)");

$count++;
}

if i am understanding you well, let us say that you want to insert Maria'Ann as user into your database. You have to use the following code:

"INSERT INTO questions (user, subject)
VALUES('Maria\'Ann',$subject)";

In this way you are escaping the ' as \' otherwise the mysql will treat is an the end of the string to be inserted and will cause an error.

i hope this explains.

Actually, what I'm trying to do is copy it from one table to another. Users are able to copy information from someone else's profile to their own.

have you passed all inputs through mysqli_real_escape_string() function before being saved in the first table?

$escaped_data=mysqli_real_escape_string($database_connection,$_POST['data']);

No, I haven't.

mysqli_real_escape_string() function will escape dangerous characters when inputted by the user and therefore increase security.