hi all, i've been having a problem with quotes and hyphens with my php for a while.

while i know understand the basics and get submit and extract text with these froma database my particular question is more complicated so i decided to strip down my code and post it so explain why its a problem and hopefully someone can help

essentially user posts something via form, this is then previewed and the addde to db. its not submited directly. so my code works fine when no quotes are used. but put one in and you have a problem.

i've tried stripslashes and many other functions but none work for this. i've tried different ways of doing it with no luck. i really need help


@$form_element = addslashes($_POST['element']);

// prepare the form

$form1 = "<form action='preview.php?stage=preview' method='post'>		  
				<table width='100%' border='1' cellspacing='0' cellpadding='5'>
					<td>Your Comment:</td>
					<td><input name='element' type='text' value='$form_element'></td>
					<td><input type='submit' value='Submit Entry' class='button'></td>

// display form if first time on page
if ($_GET['stage'] == "start")
	echo $form1;

// display preview on submit

if (@$_GET['stage'] == "preview")

	echo "Preview Form:<br><br>";	
	echo " <table width='100%' border='1' cellspacing='0' cellpadding='5'>

	echo "<form action='preview.php?stage=end' method='post'>
		  <input type='hidden' name='element' value='$form_element'>
		  <input type='submit' value='Add Entry'>

// display confirmation page and submit to database
if ($_GET['stage'] == "end")
	$query = "insert into element (element) values ('$form_element')";
	$result = mysql_query($query) or die ("Couldn't execute query.");
	echo "Your text has been inserted into the database. <a href='preview.php?stage=show'>View</a>";

if ($_GET['stage'] == "show")
	$query = "select element from element";
	$result = mysql_query($query) or die ("Couldn't execute query.");
	$row = mysql_fetch_array($result);
	$element = stripslashes($row['element']);
	echo $element;