mysql_escape_string(string)
Returns an escaped version of a string (with backslashes before special characters such as quotes) for use in a MySQL query. It is a little more thorough than addslashes or PHP's Magic Quotes feature, but those methods are generally sufficient (and in the case of Magic Quotes, automatic), so this function is rarely used.
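To make "a little more thorough" concrete, the added example below (not code from the original page or from PHP itself) runs the real addslashes() next to a model of mysql_escape_string()'s escape set on one input. mysql_escape_string() is absent from PHP 7 and later, so `model_mysql_escape_string()`, `visible()` and the sample input are hypothetical names and constructed data; the escape set is the one documented for the MySQL client library.

```php
<?php
// Added example: a model of the escaping rules, not the extension's own code.

// Bytes that get a backslash prefix in the MySQL client library's escape set:
// NUL, LF, CR, backslash, single quote, double quote and Ctrl-Z (0x1a).
const MYSQL_ESCAPE_MAP = [
    "\0"   => "\\0",
    "\n"   => "\\n",
    "\r"   => "\\r",
    "\\"   => "\\\\",
    "'"    => "\\'",
    "\""   => "\\\"",
    "\x1a" => "\\Z",
];

// Hypothetical stand-in for mysql_escape_string().
function model_mysql_escape_string(string $s): string
{
    // strtr() with an array replaces each key once and never rescans its output,
    // so the backslashes it inserts are not escaped a second time.
    return strtr($s, MYSQL_ESCAPE_MAP);
}

// Render control bytes that are still raw in $s as visible markers.
function visible(string $s): string
{
    return strtr($s, [
        "\0"   => '<NUL>',
        "\n"   => '<LF>',
        "\r"   => '<CR>',
        "\x1a" => '<SUB>',
    ]);
}

// Constructed sample input: quotes, CR/LF, a backslash, Ctrl-Z and a NUL byte.
$input = "O'Reilly\r\nsays \"hi\" \\ \x1a end\0";

printf("input:                     %s\n", visible($input));
printf("addslashes():              %s\n", visible(addslashes($input)));
printf("mysql_escape_string model: %s\n", visible(model_mysql_escape_string($input)));
```

Any `<LF>`, `<CR>` or `<SUB>` marker left in the addslashes() line is a byte that function passed through unescaped. Neither function takes the connection character set into account.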