What would I use to prevent apostraphies from messing up form fields being written to a mySql database? (I'm working with a pedigree database, and alot of animal names end up being "John's Baby" or something, and when the user enters John's Baby, it cuts off the rest of the text when written to the db. The particular field is varchar in the backend.

when you grab the field in the processing portion of the script, just use the addslashes function


$yourvar = addslashes($_POST['yourvar']);


you can also use mysql_real_escape_string($_POST['yourvar']) if you call it after you open up a database connection.

then when you want to display it, just use stripslashes($var);

$yourvar = addslashes($_POST['yourvar']);


That changed John's Baby to John// so I tried changing addslashes to stripslashes and that got rid of the slashes, but still doesn't finish writing the entire string. So John's Baby is now just John ... Do I need to do both in conjunction with each other? So addslashes on the processing portion and stripslashes on the display portion?

A handy little function:

function query_safe_string($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
return(mysql_real_escape_string($string));
}