phil wrote: There's an addslashes() function in PHP which does this. You should be aware of SQL injection vulnerabilities you are opening yourself up to whenever you insert anything into an SQL database from user input fields. It's normally wiser to use some of the database abstraction libraries knocking around like adodb.