(PHP 4 >= 4.0.3)
string mysql_escape_string (string unescaped_string)
string mysql_escape_string
This function will escape the unescaped_string, so that it is safe to place it in a mysql_query().
Note: mysql_escape_string() does not escape % and _.