我使用以下脚本将记录插入我的数据库：

$sql = "INSERT INTO fotetweets VALUES('$tweetid','$dp', '', '$username','$tag', '$twittercontent', '$twittertimestamp', '')";
mysql_query($sql);

您将需要查看mysql_real_escape_string。但是，我将研究如何使用mysqli或PDO类，并使用准备好的语句。
编辑
注意，这些都可以在PHP手册的prepared语句示例下找到/获得。
MySQLi的示例用法：

<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "my_database");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* create a prepared statement */
$stmt =  $mysqli->stmt_init();
if ($stmt->prepare("INSERT INTO fotetweets VALUES(?, ?, '', ?, ?, ?, ?, '')")) {
    /* bind parameters for markers */
    $stmt->bind_param("issssi", $tweetid, $dp, $username, $tag, $twittercontent, $twittertimestamp);

    /* execute query */
    $stmt->execute();

    /* close statement */
    $stmt->close();
}
?>

<?php
$dsn = 'mysql:dbname=testdb;host=127.0.0.1';
$user = 'dbuser';
$password = 'dbpass';

try {
    $dbh = new PDO($dsn, $user, $password);
} catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
}

$sth = $dbh->prepare('INSERT INTO fotetweets VALUES(?, ?, '', ?, ?, ?, ?, '')');
$sth->execute(array($tweetid, $dp, $username, $tag, $twittercontent, $twittertimestamp));
?>

$tweetid = (int) $tweetid; // static cast to integer, if that is what it should be.
$sql = "INSERT INTO fotetweets VALUES(
    $tweetid,'" . mysql_real_escape_string($dp) . "',
    '', '" . mysql_real_escape_string($username) . "',
    '" . mysql_real_escape_string($tag) . "',
    '" . mysql_real_escape_string($twittercontent) . "',
    '" . mysql_real_escape_string($twittertimestamp) . "', '')";