You usually add slashes (addslashes [php.net]) before you enter data into the database and strip off slashes (stripslashes [php.net]) on retrieval since single quote ('), double quote ("), backslash (\) and NUL (the NULL byte) have special meaning in SQL.

Andreas

I've noticed that many people using PHP somehow get their single quotes excaped by backslashes in their databases. I don't understand if it's a problem with a PHP library or code examples or what, but it's really prevalent. It comes from the fact that if you have quotes in your data and you're sloppy about the way you create your SQL statement that you can get a syntax error when your data closes the quptes in your SQL.

Anyway, that's probably the data that you have in your database. You can either unescape it when you pull it out, or make sure it gets put in properly., MySQL and other databases will properly quote data for you so that it doesn't contain any unacceptable characters. More reasonably, though, most languages provide a way to use placeholders in your SQL statements so that you don't have to worry about escaping quotes. I bet PHP does too.