Cant insert string with single quote into MySQL database

Question

Am trying to insert a string "what is your favorite uncle's name into a mysql database and am getting error message:

There was an error submitting your request You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'YOUR FAVORITE UNCLE'S NAME?, mobile_no = '+4479094484999', country ' at line 4"*

my code is:

 $sec_ques2 = mysql_real_escape_string($sec_ques);
 $insert = "INSERT INTO customers SET 
 acc_status = 'Inactive',
 acc_type = '{$acc_type}',
 sec_question = '{$sec_ques2}',
 mobile_no = '{$m_number}',
 country =    '{$country}',
 passkey = '{$passkey}',
 sec_ans= '{$answer}',
 home_address= '{$h_address}',
 gender = '{$gender}',
 first_name = '{$f_name}',
 last_name= '{$l_name}',
 emp_status = '{$emp_status}',
 marital_status = '{$m_status}',
 email_address = '{$email}'";

Answer 1

Well, the problem might be that you are using an UPDATE(basically should work) syntax in an INSERT query.

And additionally, the output of mysql_real_escape_string() function is still a string, so it should still be surrounded by 2 single quotes.

why won't you try something like this:

$sec_ques = mysql_real_escape_string($sec_ques);
$insert = "INSERT INTO accounts(field1, filed2, field3) 
VALUES('{$status}', '{$acc_type}', '{$sec_ques}')";

If that doesn't work either, perhaps you should migrate into using PDO, much more secure and comfortable.