I'm currently trying to figure out how to use ODBC with PHP4 and PHP5 to connect with an Oracle database. The problem that I'm having that I can't seem to find any documenation is how to properly escape special characters in the SQL statements used in the ODBC such as single quotes in the strings. I would imagine there would be something similar to MySQL's mysql_real_escape_string but could not find anything in the docmentation. I thought odbc_prepare handled it for the developers but I guess I was wrong.

For example,
$sql = "INSERT into MyTable (FNAME, LNAME, IP, SN) VALUES ($fname, $lname, $ip, $sn);
$stmt = odbc_prepare($dbh, $sql);
$res = odbc_execute($stmt);

Does ayone know of some odbc function that handles all the escaping of the special characters?