Before insert information into a database for any reason, you need to escape the content so you don’t get SQL hacked (injected)