char name[11];
char escapedname[21];

cgiFormStringNoNewlines("name", name, 10);
mysql_real_escape_string(db, escapedname, name, 
                         strlen(name));