topr8 - 4:35 pm on Apr 17, 2013 (gmt 0)
i don't need a medal, you need to learn some basics!
you've seen what works and how confused you got doing it the other way, maybe that's how you should handle quotes in the future, that way works for me anyway.
... php is not my thing really, perhaps you should ask the quotes question in the php forum.
although if you are learning and just starting out ... here is my advice to you - it makes coding much more long-winded but it will make it much more secure.
1. ensure you check all POST/GET data is exactly as it should be, eg a string of a certain length etc. and whatever characters are allowed/not allowed - write functions to test for this.
2. do not actually write queries as you have done here, bind parameters to prepared statements ... [php.net...]
3. if you don't have a very good reason to use xhtml, and most people don't, then don't use it, use regular html.
if you don't do 1 and 2 then it is only a matter of time before you are hacked.
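
Points 1 and 2 of the post above, put together as an added example (not code from the post or the thread): allow-list validation functions followed by a PDO prepared statement with bound parameters. The `users` table, the `name`/`id` fields, the length limits and the in-memory SQLite database are assumptions made for the demo; it needs PHP 8 with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Point 1: allow-list validation. Each function returns the clean value or null.
function valid_username(mixed $v): ?string
{
    // A client can send name[]=x, which arrives as an array, so require a string first.
    if (!is_string($v)) {
        return null;
    }
    // Assumed rule: 3-20 characters, letters, digits and underscore only.
    return preg_match('/\A[A-Za-z0-9_]{3,20}\z/', $v) === 1 ? $v : null;
}

function valid_id(mixed $v): ?int
{
    $id = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Point 2: the SQL text is fixed; the values are bound, never concatenated in.
function find_user(PDO $db, string $name, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name AND id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");

// Constructed request data standing in for $_POST.
$requests = [
    ['name' => 'alice',   'id' => '1'],    // well-formed
    ['name' => "o'brien", 'id' => '1'],    // quote character is outside the allow-list
    ['name' => ['alice'], 'id' => 'abc'],  // wrong types
];
foreach ($requests as $post) {
    $name = valid_username($post['name'] ?? null);
    $id   = valid_id($post['id'] ?? null);
    if ($name === null || $id === null) { echo "rejected\n"; continue; }
    $row = find_user($db, $name, $id);
    echo $row !== null ? "found {$row['name']}\n" : "no match\n";
}
```

Validation and binding cover different failures: the validators reject malformed input before it reaches the database, and the bound parameters keep any value that does pass from being parsed as SQL.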