MS SQL / PHP Working with Apostrophe..

I am attempting to pass a parameter to a "model number" lookup.

It was imported into the database from a predefined list, well this list has a few troublesom entries..

" Modelnum ('06) "

I have two options I know should work (but am trying to avoid)

1) Reprogram everything to make it form based (LAST resort)
2) Go in the SQL database (and master lists) and purge the apostrophe's.

Ideally, I would like to know the best method of passing on an apostrophe without causing any errors / using a form.

I am using:

$model = $_REQUEST['model'];

$query = "SELECT * from models where (model = '$model')"

I have attempted the '' (double apostrophe) and many other quote cominations.. what is the correct method?

Thanks a bunch.

big.nerd

See [man]mysql_real_escape_string[/man], which should be used to "sanitize" any values to be used in your queries that you aren't 100% safe.

$query = "SELECT * FROM models WHERE model = '".mysql_real_escape_string($model)."'";