I find that mysql_real_escape_string works the best as no matter what they put in or how you escape things it's not going to break the query.Quote:
The other thing, is to surround the column name with ticks which means that it accepts both the int and string of a number e.g
$where = "where PARENT_ID='$parent_id' and CHILD_ID='$child_id' ";
Cheers,
Niggles