crocop1

hi im sort of new to the sql thing and i made a function like this to protect from xss and sql injection: function protect_from_xss($s){ $s = htmlentities($s); return $s; } and function protect_from_sql($s){ $s = mysql_real_escape_string($s); return $s; } however, say i have a part of my website where they post comments and sometimes people will use the ' or " in their comment and it will show up as \' or \".. how can i clean it without adding slashes?