roosterbrood

Thanks for the reply. I have read that I should use mysqli instead, but I don't know how to impliment it into my current code, can you please assist?

Good Evening All I am fairly new to php and I know my question was asked before on different pages, but I tried to impliment the mysql_real_escape but could not manage to get it to work. My problem: I used a youtube tutorial to write the script for a php-sql guestbook. It works fine except when a person use an apostrophe in his name or in the text area, when it gives an error. My code: <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> Name<br> <input style="width:400px" type="text" name="txt_name"> <br> Email:<br> <input style="width:400px" type="text" name="txt_email"> <br><br> Comment:<br> <textarea style="width:400px" rows="10" align="left" name="txt_comment"> </textarea> <input type="submit" value="Send"> </form> <h2>Other People's comments</h2> <table class="gb"> <?php $query = "SELECT * FROM guestbook ORDER BY date_auto"; $result = mysql_query($query, $connection); for ($i=0; $i < mysql_num_rows($result); $i++) { $name = mysql_result($result, $i, "name"); $email = mysql_result($result, $i, "email"); $comment= mysql_result($result, $i, "comment"); $date = mysql_result($result, $i, "date_auto"); $show_date = date("m/d/Y", $date); echo '<br>'; echo ' <tr height="45" bgcolor="#6B4226"> <td> <font color="#fff"> '; echo $name ; echo' van '.$email; echo', ' .$show_date; '</td> </tr> '; echo ' <tr> <td bgcolor="#FFCC99">'; echo $comment; '</td> </tr> <br> '; } ?> </table> I will apreciate it if someone can please point me in the right direction to successfully impliment mysql_real_escape or the newer version of it. Thanks André