How to correctly sanitize mssql query that stores emails

Question

I have a query that goes to a mailbox and tries to save all emails in a table. It works in most cases but it fails when the email content value has double or single quote marks.

Answer 1

You want to be using parameters:

$query = "INSERT INTO test (email, body) VALUES (?,?);";
$arrParams[]="my@domain.com";
$arrParams[]="My email body has quotes\'s or double quotes \" in it.";
$resource=sqlsrv_query($conn, $query, $arrParams); 

Source: sqlsrv_query