I havent been able to get my current code working on my new server due to magic_quotes and addslashes restrictions, and despite a previous attempt for help which didnt work out, or i wasnt able to implement in correctly, im now baffled. Can anyone supply me with some code for insert and code for update sql that is compatible with magic_quotes turned off and not using addslashes, so that i can just modify it with my db name and field names.

I am using forms which call <?php echo $editFormAction; ?> which are refernced in the PHP code as

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];

in the action section of the form.

I am also using this call in the name section of the form
name="MM_insert"

which is reference in the PHP code as
if ((isset($HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "addReptilefoods")) {

If there is a different way of doing this, any help would be great. i dont have much hair left to pull out :/

regards
paul

More current practice is to use $_SERVER instead of $HTTP_SERVER_VARS and $_POST instead of $HTTP_POST_VARS. However, the older arrays are still supported and should therefore work unless they're being used within function/method definitions, as they do not automatically have global scope, whereas $_SERVER and $_POST do.

As far as the second part, it's unclear to me what the problem is, other than I assume you meant to type $name="MM_insert" ???