03.11.2013, 09:00
You need to escape the characters and always use DB_Escape when inserting strings into a query to avoid becoming a victim of SQL injection.
If you also take a look at that function, you'll see that it uses: \'
instead of a simple character: '