Instead of blindly interpolating the Question into the INSERT statement, use "binding". If PHP is under the covers, then it has multiple ways of achieving that.

Also, by switching the way of building queries, you can help avoid "SQL injection".

? is a place holder for inserting a string after it has been escaped. By providing

INSERT INTO QUESTIONS(USER_ID, QUESTION_TEXT) VALUES(?, ?)