I have a form for posting messages to my forum for collecting pithy quotations. If users include an apostrophe, the post fails with an error message. The error handler is process_post.php. Normally the handler works OK: it displays an error message if the message textarea is empty and it removes all HTML tags. However, an apostrophe such as in "he's" or "one's" will trigger an error message.
The relevant bit of code in the post.php page is as follows:
```php
<?php // The form for posting messages
include('includes/header_post.php');
echo '<h2>Post a Quotation</h2>';
require('process_post.php');
// Display the form fields
echo '<form action="process_post.php" method="post" accept-charset="utf-8">
<p>Choose the Subject: <select name="subject">
<option value="Comical Quotes">Comical Quotes</option>
<option value="Wise Quotes">Wise Quotes</option>
</select></p>
<p>Message:<br><textarea name="message" rows="5" cols="50"></textarea></p>
<p><input name="submit" type="submit" value="Post"></p></form>';
include('includes/footer.php');
?>
```
The process_post.php code is as follows:
```php
<?php
// Start the session.
session_start();
// Include the login functions to check for errors
require('login_functions.php');
// If users are not logged in, redirect them
if (!isset($_SESSION['member_id'])) { load('login.php'); }
// Has the form been submitted?
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
    require('mysqli_connect.php');
    // Check that the user has entered a message (the subject check is commented out as it is supplied by a drop-down selection).
    // if ( empty($_POST['subject'] ) ) { echo '<p>You forgot to enter a subject.</p>'; }
    if (empty($_POST['message'])) { echo '<p>You forgot to enter a message.</p>'; }
    if (!empty($_POST['message'])) {
        $message = mysqli_real_escape_string($dbcon, strip_tags(trim($_POST['message'])));
    }
    // If successful insert the post into the database table
    // Make the insert query
    $q = "INSERT INTO forum(uname, subject, message, post_date)
          VALUES ('{$_SESSION['uname']}', '{$_POST['subject']}','{$_POST['message']}',NOW() )";
    $result = mysqli_query($dbcon, $q);
    // If it fails display error message
    if (mysqli_affected_rows($dbcon) != 1) { echo '<p>Error</p>'.mysqli_error($dbcon); } else { load('forum.php'); }
    // Close the database connection
    mysqli_close($dbcon);
}
// Create a link back to the forum page.
echo '<p><a href="forum.php">Forum</a></p>';
include('includes/footer.php');
?>
```
Please can you tell me how I can tweak the process_post file so that apostrophes are escaped?
(no JavaScript please)
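The posted handler computes an escaped `$message` but then interpolates the raw `$_POST['message']` and `$_POST['subject']` directly into the INSERT, which is why a single quote breaks the statement (and why any input that contains SQL would be run as SQL). The example below is added here and is not the poster's code: it rewrites the insert with a mysqli prepared statement, so the values are sent to the server separately from the query text and no escaping is needed. It keeps the table layout from the post (`forum`: `uname`, `subject`, `message`, `post_date`), and assumes the poster's `load()` helper, `login_functions.php` and the `$dbcon` connection created by `mysqli_connect.php`; the allowed-subject list is constructed from the two `<option>` values in the form.

```php
<?php
// Added example (not the poster's code): the insert rewritten with a
// mysqli prepared statement, so apostrophes in the message are bound as
// data and never spliced into the SQL text. Assumes the table layout from
// the original post and a $dbcon mysqli connection from mysqli_connect.php
// plus the poster's load() helper (hypothetical names taken from the post).

// Only the two subjects the form offers are accepted (list constructed
// from the form's <option> values).
const ALLOWED_SUBJECTS = ['Comical Quotes', 'Wise Quotes'];

/**
 * Validate and clean the submitted fields. Returns an array of error
 * strings (empty on success) and fills $clean with the values to store.
 */
function validate_post(array $post, array &$clean): array
{
    $errors = [];
    $clean = [];

    $subject = $post['subject'] ?? '';
    if (!in_array($subject, ALLOWED_SUBJECTS, true)) {
        $errors[] = 'Please choose a valid subject.';
    }

    // strip_tags + trim as in the original; no SQL escaping here, the
    // prepared statement takes care of quoting.
    $message = strip_tags(trim((string) ($post['message'] ?? '')));
    if ($message === '') {
        $errors[] = 'You forgot to enter a message.';
    }

    if ($errors === []) {
        $clean = ['subject' => $subject, 'message' => $message];
    }
    return $errors;
}

/**
 * Insert one forum row with bound parameters. Returns true when exactly
 * one row was written; on failure the caller can read mysqli_error($dbcon).
 */
function insert_post(mysqli $dbcon, string $uname, string $subject, string $message): bool
{
    $sql = 'INSERT INTO forum (uname, subject, message, post_date) VALUES (?, ?, ?, NOW())';
    $stmt = mysqli_prepare($dbcon, $sql);
    if ($stmt === false) {
        return false;
    }
    // "sss": three string parameters, transmitted apart from the SQL text,
    // so a quote inside $message cannot end the string literal.
    mysqli_stmt_bind_param($stmt, 'sss', $uname, $subject, $message);
    $ok = mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $ok;
}

// Handler flow, mirroring the original process_post.php.
session_start();
require 'login_functions.php';
if (!isset($_SESSION['member_id'])) { load('login.php'); }

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require 'mysqli_connect.php';   // provides $dbcon (as in the post)

    $errors = validate_post($_POST, $clean);
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }

    if ($errors === [] &&
        insert_post($dbcon, $_SESSION['uname'], $clean['subject'], $clean['message'])) {
        load('forum.php');
    } elseif ($errors === []) {
        // Keep the database error in the server log; show the user a
        // generic message rather than mysqli_error() output.
        error_log('forum insert failed: ' . mysqli_error($dbcon));
        echo '<p>Sorry, your post could not be saved.</p>';
    }
    mysqli_close($dbcon);
}
```

With the parameters bound, a message such as `he's` is stored verbatim, and `mysqli_real_escape_string()` is no longer needed anywhere in the handler. The subject whitelist replaces the commented-out empty check in the original: since the value comes from a `<select>`, anything outside the two offered options is a tampered request and is rejected rather than inserted.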