Use the ? placeholder with PEAR DB
<?php
$sth = $dbh->query('INSERT INTO songs (title,artist) VALUES (?,?)',
                   array($title, $artist));
?>
Use strtr() to escape % and _ after escaping '
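<?php
// quote() escapes ' and adds the surrounding quotes, so $title is
// interpolated below without extra quotes
$title = $dbh->quote($title);
// escape the LIKE wildcards so _ and % in the value match literally
$title = strtr($title, array('_' => '\_', '%' => '\%'));
$sth = $dbh->query("DELETE FROM songs WHERE title LIKE $title");
?>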
You can also use mysql_real_escape_string() or addslashes().
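
The two techniques above combined, as an added example that is not from the original page: the value is bound with a ? placeholder and its LIKE wildcards are escaped separately. It assumes PDO with the pdo_sqlite extension in place of PEAR DB so that it runs stand-alone; escape_like(), titles_like(), the ! escape character and the sample rows are constructed for illustration.

```php
<?php
// Added example, not from the original page. PDO + in-memory SQLite stand in
// for PEAR DB; escape_like(), titles_like() and the rows are constructed.

// Escape LIKE metacharacters so the value matches literally. strtr() with an
// array replaces in a single pass, so inserted escape chars are not re-escaped.
function escape_like(string $value): string
{
    return strtr($value, array('!' => '!!', '%' => '!%', '_' => '!_'));
}

// The pattern is bound with ?, so quotes in it need no manual escaping.
// An explicit ESCAPE clause avoids relying on the database's default.
function titles_like(PDO $dbh, string $pattern): array
{
    $sth = $dbh->prepare(
        "SELECT title FROM songs WHERE title LIKE ? ESCAPE '!' ORDER BY title"
    );
    $sth->execute(array($pattern));
    return $sth->fetchAll(PDO::FETCH_COLUMN);
}

$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE songs (title TEXT, artist TEXT)');

$ins = $dbh->prepare('INSERT INTO songs (title, artist) VALUES (?, ?)');
$rows = array(
    array('100% Pure', 'Artist A'),
    array('1000 Miles', 'Artist B'),
    array("Don't Stop", 'Artist C'),
);
foreach ($rows as $row) {
    $ins->execute($row);
}

$input = '100%';  // user-supplied prefix containing a LIKE wildcard

// Unescaped: the user's % acts as a wildcard, so both "100..." titles match.
print_r(titles_like($dbh, $input . '%'));

// Escaped: only the title that literally starts with "100%" matches.
print_r(titles_like($dbh, escape_like($input) . '%'));

// A quote in the value is handled by the placeholder alone.
print_r(titles_like($dbh, escape_like("Don't") . '%'));
?>
```

The placeholder only protects the SQL syntax; without escape_like() a value of % in a DELETE ... LIKE statement would still match every row.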