I've been surprised that I couldn't find a quick answer to this in the books and resources I've looked at. It must be really straightforward but how are single quotes (apostrophes) in record data (such as a name like O'Reilly) handled on data entry? Presumably they are escaped in the database and then "unescaped" when they are retrieved? How? Is their a function like htmlspecialchars() or addslashes()? What other characters need to be escaped when receiving data through PHP into a MySQL database? Thanks Duncan. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]