Hi Everyone,

I have a form on my website that allows a person to insert information. I'm trying to prevent a MySQL attack, so I decided to try and fix that by not allowing apostrophes into my MySQL database. I'm using the str_replace function.

When a visitor enters information, this is the path the variable takes before entering my database, but for some reason apostrophes are being accepted into my database and I don't know why. Any help would be appreciated.

PHP Code:
$dealership = $_POST['dealership'];
$dealership = mysql_real_escape_string($dealership);
$dealership = stripslashes($dealership);
$dealership = capitalize($dealership); // my own function
$dealership = trim($dealership);
$dealership = eregi_replace(",", "", $dealership);
$dealership = str_replace("'", "", $dealership);
What am I doing wrong here?
Thanks everyone.
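
An added example, not part of the original post: binding the form value as a parameter in a prepared statement, so apostrophes and commas are stored as plain data and nothing has to be stripped. The `dealers` table, the `saveDealership` function, and the in-memory SQLite database (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example; table name, function name and sample inputs are assumptions.
// The mysql_* and ereg* functions used in the post were removed in PHP 7,
// so this uses PDO. For MySQL, only the DSN and credentials change.

function saveDealership(PDO $pdo, string $raw): int
{
    // Validate shape and length; do not strip quotes or commas.
    $name = trim($raw);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('dealership must be 1-100 characters');
    }

    // The value is sent as a bound parameter, never concatenated into the SQL
    // text, so no character in it can change the statement.
    $stmt = $pdo->prepare('INSERT INTO dealers (dealership) VALUES (:dealership)');
    $stmt->execute([':dealership' => $name]);

    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dealers (id INTEGER PRIMARY KEY, dealership TEXT NOT NULL)');

// Constructed sample inputs containing the characters the post tries to remove.
$samples = [
    "O'Brien's Auto",
    "  Smith, Jones & Sons  ",
    "Quote ' and \" and \\ test",
];

foreach ($samples as $sample) {
    saveDealership($pdo, $sample);
}

// Each row comes back exactly as entered (after trim), quotes included.
foreach ($pdo->query('SELECT id, dealership FROM dealers ORDER BY id') as $row) {
    printf("%d: %s\n", $row['id'], $row['dealership']);
}
```

When the value is later shown on a page, encode it at output time with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` rather than altering it before storage.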