Type: Posts; User: PhHein
Use PreparedStatements! They will deal with the syntax and prevent sql injection.