dear friend i want to insert a row in orecal which is

insert into employee ('AMIT D'SOZA', 'MANAGER','500')

thorugth php
but there is problem to insert data like 'AMIT D'SOZA'
so i want to restrict "'" (singal quets ) to enter in text fields
plz help me if you have any other solution then plz shere it

Preferably use parameter binding.

What is the PHP code you are currently using?

You should use mysql_real_escape_string() or mysqli_real_escape_string() on most string data before you store it in a mySQL database. This is especially true for data that comes from forms. Then when you retrieve this data, you can restore it to the original state with stripslashes().

Do some reading on "PHP mySQL security" and you'll get a more complete explanation of all this.

You should use mysql_real_escape_string() or mysqli_real_escape_string() on most string data before you store it in a mySQL database.

Although misspelled, he's using Oracle.

Thanks. I missed that.

I would expect that there's an equivilent function for Oracle, but in the meantime you could use addslashes(). Best to check for a proper function that protects your database from hackers, of course.