does not pass as valid email
Here is the evil code :
Here is the evil code made safe: <script type="text/javascript">document.write("Mwaa haa haa haa");</script>
Here is the query: INSERT INTO fun VALUES('Here's the deal')
Here is the clean query: INSERT INTO fun VALUES('Here''s the deal')