Hi,

I get catalogue information from my distributer via an xml feed.

I have parsed the DOM and stripped out all the info I need.

The variable $description_full contains the products full description in html form.

The problem I have is when I execute the query:

$query = sprintf("INSERT INTO products_description (products_name, products_description)
VALUES ('$description_title', '$description_full')");

if $description_full has " (double quotes) or ' (single quote) the query fails.

How can I escape these characters?

I've trided:
\"$description_full\"
$description_full = str_replace("'", "''", $description_full); (replaces single ' with two single quotes '')
$description_full = str_replace("'", "", $description_full); (remove single ' this resulted in an empty query)
and a bunch of other things.

I'm not sure how I can insert the description into the database...

Thanks in advance.

Chuck