Use the ? placeholder with PEAR DB
<?php
// Bound values are quoted by PEAR DB, so they never alter the SQL text.
$sth = $dbh->query('INSERT INTO songs (title,artist) VALUES (?,?)',
                   array($title, $artist));
?>
Use strtr() to escape % and _ after escaping '
<?php
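// quote() escapes ' and returns the value as a quoted SQL string.
$title = $dbh->quote($title);
// % and _ are LIKE wildcards, so they are escaped separately.
$title = strtr($title, array('_' => '\_', '%' => '\%'));
$sth = $dbh->query("DELETE FROM songs WHERE title LIKE $title");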
?>
You can also use mysql_real_escape_string() or addslashes().
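The two techniques above combined, as an added example that is not from the original page: it swaps PEAR DB for PDO with an in-memory SQLite database so it runs offline. The helpers escape_like() and count_matches() and the sample rows are constructed for illustration.

```php
<?php
// Added example: placeholder binding plus LIKE-wildcard escaping.
// Assumes the pdo_sqlite extension; names and rows here are constructed.

// Escape LIKE metacharacters so the input only matches literally.
// strtr() with an array does not rescan replaced text, so the escape
// character itself can be handled in the same pass.
function escape_like($value)
{
    return strtr($value, array('\\' => '\\\\', '%' => '\%', '_' => '\_'));
}

// Run the prepared LIKE query and return the number of matching rows.
function count_matches($sel, $pattern)
{
    $sel->execute(array($pattern));
    return (int) $sel->fetchColumn();
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE songs (title TEXT, artist TEXT)');

// The ? placeholders carry the apostrophe in O'Connor without any quoting.
$ins = $dbh->prepare('INSERT INTO songs (title,artist) VALUES (?,?)');
$rows = array(array('100%', 'A'), array('100 Years', 'B'), array("O'Connor", 'C'));
foreach ($rows as $row) {
    $ins->execute($row);
}

// SQLite has no default LIKE escape character, so it is named explicitly.
$sel = $dbh->prepare("SELECT COUNT(*) FROM songs WHERE title LIKE ? ESCAPE '\\'");

$input = '100%';  // user-supplied title that happens to contain a wildcard

// Bound but not LIKE-escaped: the trailing % still acts as a wildcard,
// so '100 Years' matches as well as '100%'.
printf("unescaped: %d row(s)\n", count_matches($sel, $input));

// Bound and LIKE-escaped: only the row titled exactly '100%' matches.
printf("escaped:   %d row(s)\n", count_matches($sel, escape_like($input)));
```

Placeholders stop the input from changing the SQL text, but they do not neutralise `%` and `_`, which is why the LIKE escaping is still a separate step.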