does not pass as valid email
Here is the evil code :
Here is the evil code made safe: <script type="text/javascript">document.write("Mwaa haa haa haa");</script>
Here is the query: INSERT INTO fun VALUES('Here's the deal')
Here is the clean query: INSERT INTO fun VALUES('Here''s the deal')