When you UPDATE or INSERT into a database table, your SQL breaks if there are ' apostrophes in the values of the query. This is solved by replacing each ' apostrophe with '' (a doubled apostrophe).
For example: $name = str_replace("'","''",$name);
But instead of testing and replacing all elements individually, I wrote this somewhat flaky function to handle the whole SQL statement:
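function strip_apos($q) {
    // Double every apostrophe in the whole statement
    $q = str_replace("'", "''", $q);
    // Undo the doubling wherever the apostrophe looks like a value delimiter
    $q = str_replace("(''", "('", $q);
    $q = str_replace("= ''", "= '", $q);
    $q = str_replace("=''", "='", $q);
    $q = str_replace("'')", "')", $q);
    $q = str_replace("'',", "',", $q);
    $q = str_replace(",''", ",'", $q);
    return $q;
}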
$query = strip_apos($query);
The loophole in this function appears if you enter, for example:
$name = "Peter,'Bengtsson";
(The apostrophe is first doubled, giving ",''", but the last replacement in the function turns ",''" back into ",'", so it ends up unescaped.)
Can you all help me improve this function so that we all can use it?
Comments? Bugs? Please report.
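
The case described above goes away when the values are bound as parameters instead of being escaped inside the finished SQL string. The following is an added example, not part of the original post: it assumes PHP's PDO with the pdo_sqlite extension, and the people table, its columns and the $city value are hypothetical.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; the "people" table,
// its columns and $city are made up for illustration.

// The function from the post, unchanged, for comparison.
function strip_apos($q) {
    $q = str_replace("'", "''", $q);
    $q = str_replace("(''", "('", $q);
    $q = str_replace("= ''", "= '", $q);
    $q = str_replace("=''", "='", $q);
    $q = str_replace("'')", "')", $q);
    $q = str_replace("'',", "',", $q);
    $q = str_replace(",''", ",'", $q);
    return $q;
}

$name = "Peter,'Bengtsson";   // the input from the post
$city = "Stockholm";          // constructed sample value

// 1) Whole-statement rewriting: once the values are pasted into the SQL text,
//    an apostrophe in the data cannot be told apart from a delimiter.
$query = "INSERT INTO people (name,city) VALUES ('$name','$city')";
echo strip_apos($query), "\n";
// Reports whether the function left the statement exactly as it was,
// i.e. with the apostrophe inside $name still unescaped.
var_dump(strip_apos($query) === $query);

// 2) Bound parameters: the SQL text is fixed and the values travel separately,
//    so no escaping of the statement is needed at all.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (name TEXT, city TEXT)');

$stmt = $db->prepare('INSERT INTO people (name, city) VALUES (:name, :city)');
$stmt->execute([':name' => $name, ':city' => $city]);

// Read the row back and compare it with the original input.
$stored = $db->query('SELECT name FROM people')->fetchColumn();
var_dump($stored === $name);
```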