PDO : Insert query containing ' is not executing in SQLite3 with PHP 5.3.4 with

Developer https://www.devze.com 2023-02-22 21:40 Source: web

I am creating a blogging application using PHP5/SQLite3. To insert a post in the database I am executing the query written below.

$db=connectToDatabase();
$tempcontent=$db->escapeString($tempcontent);
$query = "INSERT INTO posts VALUES (null,$temptitle, $tempcontent, $tempcategory, $tempauthor)";
$db->query($query);
$db=disconnectToDatabase();

I am having a problem when the text input contains ' or ". When there is ', the query is not getting executed at all. If ' is not there, then " is displayed with an escape (\") in the browser. Sorry, I forgot to mention: the connectToDatabase() function provides a very general way to connect to the database, as:

try {
  $db1 = new PDO("sqlite:blog.db");
}catch( PDOException $exception ){
  die($exception->getMessage());
}
return $db1;


Just post the whole class because we are not mind readers or psychics here.

The probable problem is that you are not escaping the data you include in your query.

Use either mysql_real_escape_string():

http://php.net/manual/en/function.mysql-real-escape-string.php

Or PDO prepared statements:

http://www.php.net/manual/en/pdo.prepare.php

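The PDO prepared-statement route mentioned in the answer above, as an added example that is not part of the original thread: the insert from the question rewritten with named placeholders, so input containing ' or " is stored unchanged. The column names are assumed from the order of the values in the question's INSERT, `insertPost()` is a hypothetical helper, and an in-memory database stands in for `blog.db`.

```php
<?php
// Added example: column names and insertPost() are assumptions, not the asker's code.

// In-memory database so the example runs offline; the question uses sqlite:blog.db.
$db = new PDO('sqlite::memory:');
// Make PDO throw on SQL errors instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE posts (
    id INTEGER PRIMARY KEY,
    title TEXT, content TEXT, category TEXT, author TEXT
)');

function insertPost(PDO $db, $title, $content, $category, $author)
{
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot end a string literal or alter the statement.
    $stmt = $db->prepare(
        'INSERT INTO posts (id, title, content, category, author)
         VALUES (NULL, :title, :content, :category, :author)'
    );
    $stmt->execute(array(
        ':title'    => $title,
        ':content'  => $content,
        ':category' => $category,
        ':author'   => $author,
    ));
    return (int) $db->lastInsertId();
}

// Constructed sample input containing both quote characters.
$content = 'It\'s a "quoted" post';
$id = insertPost($db, "Bob's first post", $content, 'general', "O'Brien");

$check = $db->prepare('SELECT title, content FROM posts WHERE id = :id');
$check->execute(array(':id' => $id));
$row = $check->fetch(PDO::FETCH_ASSOC);

// Compare the stored value with the original input.
var_dump($row['content'] === $content);

// Escape for HTML at output time only, not before storing.
echo htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```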