addslashes() or mysql_escape_string() - and stripslash() on the way out.
On the way in to a db, I also like to htmlspecialchars() anything that will later be displayed in a browser or form field. Blocks all kinds of nastiness.
your reply makes me sound stupid!!! Oh well, taught me something new as well...can you tell i'm still pretty new at this?? Hehe, and i've been at it for over a year now. Go figures...