Queries with special characters ''''

fredu

I have a script that queries what the user wants to.

$query="SELECT * FROM $discussion WHERE threadname='$tname' ORDER BY date DESC";

and it works fine until the variable $tname has a character like ' in it. And I want it to accept it because there are things that have a ' in the database... any way to work around this?

mrhappiness

[man]mysql_real_escape_string[/man]

and check [man]get_magic_quotes_gpc[/man] before calling the above function