I want to save string "thats'one" in my table columns, but I don't want to use
Since Im seeing so many low quality comments here, here is a rough untested answer.
$query = "INSERT INTO table (Column) VALUES (?)"; $stmt = $mysqli->prepare($query); $stmt->bind_param("s", $val1); $val1 = "thats'one"; $stmt->execute();
$mysqli is your connection object.
Additional links on the topic:
How can I prevent SQL-injection in PHP?