Apostrophe PHP problem – Putting an ‘ into a mySQL database

You may notice that when you are putting data into your mySQL database from PHP, somehow a magical back slash appears from nowhere. This happens basically because PHP doesn't want anyone inserting malicious code or SQL injections into your database. The slash is there to protect us from our own coding. It appears from nowhere, and it is aptly named "Magic Quotes".  There are a couple of places online that explain how to address this, but it still took me a good few hours to really understand what I needed to do.

.

The first step for me was to get the input from the HTML form that was submitted:

$name=$_POST['name'];

Now, your code checks to see if Magic Quotes is on in your server's version of PHP
If it is, it will remove any of those extra slashes in names like O'Brian which was O\'Brian

if(get_magic_quotes_gpc())
{
$name = stripslashes($name);
}

Now you can use $name as it is in your code to display without the annoying backslash. To make it safe for your database, however, you need one final step. This last bit prepares your variable to be safely put in your mySQL database:

$name = mysql_real_escape_string($name);

I'm still a relative newbie at this stuff and wasn't able to find the above few lines of code just how I needed them. Hopefully they will be of service to you as you learn PHP