I've got a script where I submit some fields that will get joined right into a MySQL database after i submit it now it is going through effectively but never will get placed in to the database if among the fields comes with an apostrophe. So what can I modify to get this work?

if ($_POST) {
$name = trim($_POST['your_name']);
$email = trim($_POST['your_email']);
$answers = $_POST['answers'];
$i = 0;
foreach ($answers as $a) {
    if (trim($a))

if ($name && $email && $i >= 40) {
    $array = array();
    $q = mysql_query("select * from fields");
    while($f = mysql_fetch_array($q))
        $array[$f['label']] = $answers[$f['ID']];

    $array = serialize($array);
    $time = time();
    $ip = $_SERVER['REMOTE_ADDR'];
    $token = md5($time);

    $result = mysql_query("insert into data (submit_name, submit_email, submit_data, submit_confirm, submit_time, submit_ip, submit_token) 
        values ('$name', '$email', '$array', '0', '$time', '$ip', '$token')");

You have to escape characters with special meaning in MySQL in your data.

The fast and dirty method to enhance your code is always to pass all of your strings through [cde] before placing them to your string of SQL.

The greater approach is always to switch from mysql_real_escape_string to something which enables using bound parameters (preferably with prepared statements).

Use [cde], because this will both fix your apostrophe problem and a minimum of partially assist in avoiding SQL injection attacks. If you won't want to get the hands dirty with PHP's built-in PDO library, you may think about a Database Abstraction Layer (DBAL). ADODB is definitely an example.