I made this PHP program to access MySQL data:
foreach ($arrayOfID as $ID) {
$IDWhere[]="TB.ID LIKE '" .$ID."'";
//$IDWhereOther[]="Business LIKE '".$ID."'";
// $IDWhereFinalOther1[]=$ID;
$IDWherePhone[]="BusinessID LIKE '".$ID."'";
//$IDWhereURLandImage[]="`Business ID` LIKE '".$ID."'";
$newOutput[$ID]=array();
$copy[$ID]=array();
$keyID2[]=$ID;
$IDtoBuilding[]="TB.ID LIKE '".$ID."'";
}
$IDWhereFinal=implode(" OR ", $IDWhere);
//$IDWhereFinalOther=implode(" OR ", $IDWhereOther);
//$IDFinalBuilding=implode(" OR ", $IDtoBuilding);
//$query="Select *, Country FROM `tablebusiness` As TB, `tablecity` As TC WHERE (".$IDWhereFinal.") AND TB.City=TC.City";
//$query="Select *, Country, Building.Title FROM `tablebusiness` As TB, `tablecity` As TC, `tablebusiness` As Building WHERE (".$IDWhereFinal.") AND TB.City=TC.City And (Building.ID=TB.Building OR TB.Building=0)";
//$query="Select *, Country, COALESCE(NULL,(select Title from `tablebusiness` As TBuild where TBuild.ID=TB.Building)) as BuildingTitle FROM `tablebusiness` As TB, `tablecity` As TC, `tablebusiness` As Building WHERE (".$IDWhereFinal.") AND TB.City=TC.City";
$query="Select *, Country, (select Title from `tablebusiness` As TBuild where TBuild.ID=TB.Building) as BuildingTitle FROM `tablebusiness` As TB, `tablecity` As TC WHERE TB.City=TC.City and (".$IDWhereFinal.")";
$data = mysql_query($query);
Problem is, sometimes $ID contains '
I think that should be escaped into ''
But ' may not be the only problem
Maybe there are other characters that should be encoded too.
Is there a function for that?
Absolutely. You have to use mysql_real_escape_string. That's also good for security; basically you should use it every time you insert data in your DB (unless it's not a string, then a cast to int/float/etc. is OK).
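An added example, not code from either poster: the same lookup written with a PDO prepared statement, which binds each ID as a parameter instead of escaping it into the SQL string (the mysql_* extension, including mysql_real_escape_string, was removed in PHP 7.0). It assumes exact ID matches are wanted, so it uses IN rather than LIKE; the function name, the in-memory SQLite database standing in for MySQL, and the sample rows are all constructed for illustration.

```php
<?php
// Added example. Table and column names follow the question; everything else is assumed.

function fetchBusinessesByIds(PDO $pdo, array $ids): array
{
    if ($ids === []) {
        return [];            // "IN ()" is a syntax error, so short-circuit
    }
    // One "?" per ID: the values are sent as parameters and never become SQL text.
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $sql = "SELECT TB.*, TC.Country,
                   (SELECT Title FROM tablebusiness AS TBuild
                     WHERE TBuild.ID = TB.Building) AS BuildingTitle
              FROM tablebusiness AS TB
              JOIN tablecity AS TC ON TB.City = TC.City
             WHERE TB.ID IN ($placeholders)";
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_values($ids));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (SQLite in memory so the example runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tablecity (City TEXT, Country TEXT)");
$pdo->exec("CREATE TABLE tablebusiness (ID TEXT, Title TEXT, City TEXT, Building TEXT)");
$pdo->exec("INSERT INTO tablecity VALUES ('Jakarta', 'Indonesia')");
$pdo->exec("INSERT INTO tablebusiness VALUES
    ('joes-cafe', 'Joes Cafe',   'Jakarta', '0'),
    ('o''brien',  'O Brien Pub', 'Jakarta', 'joes-cafe'),
    ('other',     'Other Shop',  'Jakarta', '0')");

// "o'brien" contains the quote from the question. "%" is a LIKE wildcard that
// mysql_real_escape_string leaves untouched, so in the original LIKE query it
// would match every row; bound to IN it is compared literally and matches none.
$rows = fetchBusinessesByIds($pdo, ["o'brien", "%"]);
foreach ($rows as $row) {
    echo $row['ID'], ' => ', $row['BuildingTitle'], "\n";
}
```

Against MySQL only the PDO constructor changes (a `mysql:` DSN with credentials); the query and the binding stay the same.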