好吧，也许最简单的解决方案是使用 mysql_real_escape_string() 函数，如下所示:

Well, maybe the simplest solution is to use mysql_real_escape_string() function like this:

$opendb = mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

$text = $_POST['text'];

mysql_query("UPDATE table SET text='" . mysql_real_escape_string($text) . "' WHERE 
id='" . $_GET['id'] . "'");

mysql_close($opendb);

使用此代码，您可以将 $text 变量中的特殊字符保存到数据库中.

using this code you could allow special characters in $text variable to be saved into the database.

你也应该转义 $_GET['id'].

You should escape $_GET['id'] also.