[php & mySQL] advice

I have a script that inserts variables into a database something like:

INSERT INTO table_name (text1,text2,text3,text4) VALUES (’$text1’, ‘$text2’, ‘$text3’, ‘$text4’)

as you can see it puts the variables directly into the database, now if one of those variables has a in it it would mess up the the sql statement. How should I avoid this? I was thinking of using str_replace and replace with but that doesn’t work. Any Ideas? I know there is a simple solution I just can’t think of it right now.

Thanks.