You could try mysql_real_escape_string. Although if you wanted to take it further, you could filter depending on what you're expecting the data to be. Integer, string, et cetera...

__________________
The man who comes back through the Door in the Wall will never be quite the same as the man who went out.