[ciapug] The quote trouble

Claus ciapug@cialug.org
Thu, 15 Apr 2004 10:05:19 -0500


Hello

This time a more specific question.  What do you do with user input 
that potentially could include single and double quotes?  Single quotes 
will cause problems with my SQL statements (PostgreSQL in my case) and 
double quotes with the HTML code (i.e. the value attribute of a form field).

Do you add escape characters each time you write SQL code (i.e. a second 
single quote) and when including them in value attributes (i.e. a 
backslash)?  Or do you store the data after it has been converted with 
htmlspecialchars() (i.e. double quote becomes &quot; and single quote 
becomes &#039;)?  Or do you have a better way to do it?

Thanks,
   Claus
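An added example (not part of the list post, and not Claus's code) showing the two contexts the question raises: the value is stored raw, the SQL statement takes it through a driver placeholder instead of string splicing, and HTML escaping happens only when the value is written into the value attribute. It assumes an in-memory SQLite database so it runs offline; the placeholder pattern is the same with a PostgreSQL driver, only the placeholder syntax differs.

```python
import html
import sqlite3

# Constructed sample input containing a single quote, double quotes and a tag.
SAMPLE_NAME = 'O\'Brien said "hi" <b>'


def naive_sql(name):
    """The spliced-in approach from the question: the quote breaks the statement."""
    return f"INSERT INTO users (name) VALUES ('{name}')"


def naive_insert_fails(name):
    """Return True if splicing the raw value into SQL raises a syntax error."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    try:
        conn.execute(naive_sql(name))
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        conn.close()


def store_and_fetch(name):
    """Store the raw value via a placeholder; the driver handles quoting.

    sqlite3 uses '?' placeholders; a PostgreSQL driver such as psycopg2 uses
    '%s' with the same (statement, params) call shape.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    (stored,) = conn.execute("SELECT name FROM users").fetchone()
    conn.close()
    return stored


def value_attribute(name):
    """Escape for the HTML attribute context at output time, not before storing.

    html.escape(quote=True) turns '"' into &quot; and "'" into &#x27;, so the
    attribute closes where the template intends, whatever the value contains.
    """
    escaped = html.escape(name, quote=True)
    return f'<input type="text" name="name" value="{escaped}">'


if __name__ == "__main__":
    print("naive insert fails:", naive_insert_fails(SAMPLE_NAME))
    print("stored unchanged:", store_and_fetch(SAMPLE_NAME) == SAMPLE_NAME)
    print(value_attribute(SAMPLE_NAME))
```

Keeping the stored value raw means the same row can later be emitted into SQL, HTML or plain text with the escaping that each context needs, rather than baking one context's encoding into the database.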