If a string contains a single quote, it will generate an error. mysqli->real_escape_string() escapes quotes for MySQL. See example:

<?php
    // create database connection
    $conn = new mysqli($HOST, $USER, $PASS, $DB);
    if ($conn->connect_error) {
      die ("Connection failed: " . $conn->connect_error);
    }

    // this string will break SQL if not escaped 
    $line = "John's car"

    // escape strings for mysql
    $line = $conn->real_escape_string($line);

    // insert query      
    $sql = "INSERT INTO `mydb`.`lines` (`lineid`, `line`) VALUES (NULL, '{$line}');";
    if ($conn->query($sql) === TRUE) {
      // query successful
    } else {
      echo "Error inserting data: " . $conn->error . "\n";
    }

    // close database connection
    mysqli_close($conn);
?>