MySQL Query not inserted when PHP variable contains single quotes

Question

This query not inserted when variable $subject has single quotes . Is there any possible solution available ?

mysql_query(\"INSERT INTO  table  (to_email_id,         


        

Answer 1

Escape your parameters.

$to = mysql_real_escape_string($to);
$subject = mysql_real_escape_string($subject);
mysql_query("INSERT INTO  table (to_email_id, subject) values('$to', '$subject');");

Manual: mysql_real_escape_string()

Also, please read about SQL injection attacks.