Is this a question about how to do it in Perl or PHP? In Perl, DBI has a quote() method, and placeholders do the quoting (if at all necessary) for you on their own. In PHP, look for an equivalent function.
Update: See mysql_escape_string
Makeshifts last the longest.
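
An added example, not part of the reply above: DBI placeholders and quote() handling a value that contains a quote character, next to raw string interpolation of the same value. It assumes DBD::SQLite is installed so it can use an in-memory database; the `authors` table and the sample name are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database keeps this offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table, created only for this example.
$dbh->do('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

# Constructed sample input: a legitimate value that contains a quote character.
my $name = "O'Reilly";

# 1. Placeholder: the value is bound separately from the SQL text,
#    so no manual quoting is needed.
my $ins = $dbh->prepare('INSERT INTO authors (name) VALUES (?)');
$ins->execute($name);

# 2. quote(): returns a driver-specific SQL literal, outer quotes included,
#    for the cases where a placeholder cannot be used.
my $literal = $dbh->quote($name);
print "quote() gives: $literal\n";
my ($count) = $dbh->selectrow_array(
    "SELECT COUNT(*) FROM authors WHERE name = $literal");
print "rows matched via quote(): $count\n";

# 3. Raw interpolation: the embedded quote ends the literal early and the
#    statement no longer parses. With RaiseError set, DBI dies here.
my $ok = eval {
    $dbh->selectrow_array("SELECT COUNT(*) FROM authors WHERE name = '$name'");
    1;
};
print "raw interpolation: ", ($ok ? "ran" : "failed: $@"), "\n";

# Placeholders work the same way for reads, and the prepared handle
# can be executed again with other values.
my $sel = $dbh->prepare('SELECT id, name FROM authors WHERE name = ?');
$sel->execute($name);
while (my ($id, $n) = $sel->fetchrow_array) {
    print "row $id: $n\n";
}

$dbh->disconnect;
```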