postgresql quotes problem

$url = "What's up with "You doing this"";
$q = sprintf ("update user set url='%s'",$url);
pg_query ($db_conn, $q)

I want to insert everything into the database exactly as the user wants. I don't want to escape anything. The above would fail for me because of the quotes. I know single quotes have to go around the postgresql string (url='%s'). Since there are double quotes in my url string the query will not update because of it. I'm sure I coul开发者_如何学God do a string replace for all double quotes and make them single quotes but what if the user really wants double quotes. And I cannot use string replace to put a backslash because according to the postgresql docs the slash will be deprecated soon (http://www.postgresql.org/docs/8.1/interactive/sql-syntax.html) plus that goes against inserting only what the user inputted.

What do people suggest I do?

Use pg_escape_string to escape quote characters in your string.

Use parametrized queries:

pg_query_params
        (
        $db_conn,
        "UPDATE user SET url = $1",
        array('What's up with "You doing this"')
        );

escape your double quotes in the text like this

$url = "What\'s up with \"You doing this\"";