@pyroDec 14.2003 — #I'm assuming you are asking about security, rather than actually HOW to do it, so I'd recommend passing the input into the database through [URL=http://us4.php.net/manual/en/function.stripslashes.php]stripslashes()[/URL] (so they can not execute DB commands) and [URL=http://us4.php.net/manual/en/function.htmlspecialchars.php]htmlspecialchars()[/URL] (for when the data is read out of the DB and printed on the page).
@pyroDec 14.2003 — #That is because most servers have [url=http://us3.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc]magic_quotes_gpc[/url] turned on. The htmlspecialchars is doing most of the work... And yes, it is to disallow potential hackers from using ' and " which could be security concerns.