Hi everyone, I'm starting to experiment with an edit form and I am seeing the following behaviour: $fname = mysql_real_escape_string($fname); $lname = mysql_real_escape_string($lname); $sql = "UPDATE phonedir SET fname = '$fname',lname = '$lname' WHERE id=$id"; $result = mysql_query($sql); echo mysql_error() . "\n"; This will result in the addition of the slashes. If I do the following, there are no slashes. Just wondering if I'm on the right path with the 1st code set.. $sql = "UPDATE phonedir SET fname = '".mysql_real_escape_string($fname)."',lname = '".mysql_real_escape_string($lname)."' WHERE id=$id"; $result = mysql_query($sql); echo mysql_error() . "\n"; Cheers Haig
