APOSTROPHE MYSQL ESCAPE

$var = $conn->real_escape_string($_POST["var"]);
Naive Chief