mysql_real_escape_string is your friend AOD. Course I'm taking for granted that you are using MySQL since you're using PHP. A nice trick is to place an iterator at the top of your indexer that lets you escape ALL incoming REQUEST values. Then in your DAO simply make sure it calls strip_slashes.

I have a complete DAO with VO support that performs these operations automatically if it would help.

- Jeremy
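
An added example, not part of the post above or of the DAO it mentions: the same goal (request values reaching the DAO safely) handled with bound parameters in PDO rather than the escape-at-entry approach the post describes. The `users` table, the helper names and the sample values are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Assumes the PDO extension with the sqlite driver.
// For MySQL only the DSN passed to the PDO constructor changes.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input standing in for $_REQUEST values.
$request = [
    'plain'   => 'alice',
    'quoted'  => "O'Brien",
    'hostile' => "x' OR '1'='1",
];

// Hypothetical DAO helpers: values are bound, never concatenated into SQL.
function insertUser(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

function findUsersByName(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

foreach ($request as $value) {
    insertUser($pdo, $value);
}

// The quote is stored verbatim, so there are no slashes to strip on the way out.
var_dump(findUsersByName($pdo, "O'Brien") === ["O'Brien"]);

// The hostile string is treated as data: it matches only the row that
// literally contains it, not every row in the table.
var_dump(count(findUsersByName($pdo, "x' OR '1'='1")) === 1);
```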