for any quote inside something that's quoted with the same you put a \ before it

'...crooked cop (Rosie Perez) and the city\'s most dangerous drug lord...'

the ( or ) shouldn't make any difference unless you forgot to quote around the string they are in

You can use mysql_real_escape_string() [php.net] to automatically escape the quotes. :)

I also think that '' (two single quotes) will be parsed as a single ' within the string in mysql. I would follow whoisgregg's advice though. mysql_real_escape is the way to go.

In the course of multiple development, I often encounter situations where an application must be ported to Perl, or vice versa.

Although prebuilt PHP functions are the method of choice, to avoid nit-picking over select statements, which are often objects in a function/sub, I use andrew's method.

insert into table (fields...) values ('one''s', 'two''s'....)

Single quoting has two small advantages, in my case. The first is described above, portability of my selects to other languages. The second is it only gives you a single character requiring escape, and you don't really need to escape it - just double it.

It is also one of the suggested methods in the mySQL documentation, so, at the "mySQL level," in ways it's as correct as any other approach.

Using single quotes doesn't interfere with other characters, specifically, the parentheses.

$value = "He's on it! (said the hare)";

$value = preg_replace("/'/","''",$value);

Of course, you'd loop through the insert/update values to avoid tons of variables.

But in PHP only, the provided functions are the method of choice.