Use PDO with prepared statements, so that the values are passed as bound parameters instead of being concatenated into the SQL string.
(`$conn` is a PDO object.)
// $conn is an existing PDO connection. The SQL text holds only the named
// placeholders :id and :name; the values are handed over separately, so they
// are never spliced into the statement string.
// NOTE(review): there is no column list, so the two values map to tbl's
// columns by position.
$stmt = $conn->prepare("INSERT INTO tbl VALUES(:id, :name)");

// Values passed to execute() are bound as strings (PDO::PARAM_STR), which is
// also the default type bindValue() uses.
// NOTE(review): placeholders stand in for values only; a table or column name
// cannot be bound this way.
// NOTE(review): whether a failed prepare/execute throws depends on the
// PDO::ATTR_ERRMODE setting of $conn, which is not shown here.
$stmt->execute([
    ':id' => $id,
    ':name' => $name,
]);