Double Escapping

I have a simple upload script to allow my buddies to upload their YouTube videos to their website. It works great offline (WAMPP), but online for some reason it does not work right. Whenever I upload the iframe code, it adds ''s to it. Any advice would be greatly appreciated. Example:

When I upload this:

This is what it looks like when it hits the DB: <iframe width=“560” height=“315” src=“http://www.youtube.com/embed/tzD9BkXGJ1M” frameborder=“0” allowfullscreen>

this is my insert script:

[php]<?php
include 'core/init.php';
protect_page();
header("Location:featured_videos_admin.php");

// Escape the posted embed code before placing it in the query string
$_link = mysql_real_escape_string($_POST['link']);
$sql = "INSERT INTO `videos` SET `link`='$_link'";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}
mysql_close($con);
?>[/php]

PHP doesn’t recommend using mysql_real_escape_string() any longer. If you have a bad database (which contains escaped data) you will have to use stripslashes() after your SELECT query.

For example:

[php]
// $sql here must be the result resource returned by mysql_query(), not the query string
while ($row = mysql_fetch_assoc($sql)) {
    $row = array_map('stripslashes', $row);
}
[/php]

Thank you for replying sir. However, I cannot seem to get the stripslashes to work on my output.
[php]<?php
$query = "SELECT * FROM videos ORDER BY id DESC";
$resource = mysql_query($query);

while ($result = mysql_fetch_array($resource)) {
    echo "\n\n" . $result['link'] . " ";
}
?>[/php]

I have tried to look up replacements for the mysql_real_escape_string but I do not find any clear examples that I am able to understand.

I do not suppose you have any other advice you may be willing to part with? Also, could you tell me why, upon entry into the DB, ''s are being added to the data?

[php]stripslashes($result['link'])[/php]

Because that is exactly what mysql_real_escape_string() does.

Thank you very much sir. I appreciate your time and help :slight_smile:

You can avoid dealing with problems like this by using PDO instead of mysql_* functions.

Here is a tutorial:
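The PDO approach suggested above, as an added example that is not part of any post in this thread: a bound parameter stores the embed code byte-for-byte, while the same value escaped by hand before binding is stored with the backslashes the original question describes. Assumptions: an in-memory SQLite database (the pdo_sqlite extension) stands in for the MySQL server, the `$posted` value is constructed from the iframe quoted in the question, and `addslashes()` stands in for whatever extra escaping layer runs before the query.

```php
<?php
// Added example with constructed data; the table and column names follow
// the thread's `videos`.`link`. SQLite in memory keeps it runnable offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE videos (id INTEGER PRIMARY KEY AUTOINCREMENT, link TEXT NOT NULL)');

// Constructed stand-in for $_POST['link'].
$posted = '<iframe width="560" height="315" '
        . 'src="http://www.youtube.com/embed/tzD9BkXGJ1M" '
        . 'frameborder="0" allowfullscreen></iframe>';

// The SQL text is fixed; the value travels separately as a bound parameter,
// so no manual escaping is needed and quotes in the data cannot alter the query.
$insert = $pdo->prepare('INSERT INTO videos (link) VALUES (:link)');

// Row 1: raw value, bound directly.
$insert->execute([':link' => $posted]);

// Row 2: value escaped by hand first. The backslashes are now part of the
// data itself, so they are stored and come back on SELECT (double escaping).
$insert->execute([':link' => addslashes($posted)]);

foreach ($pdo->query('SELECT id, link FROM videos ORDER BY id') as $row) {
    $intact = ($row['link'] === $posted) ? 'yes' : 'no';
    printf("row %d stored intact: %s\n", $row['id'], $intact);
    echo '  ', $row['link'], "\n";
}
```

With bound parameters, escape exactly zero times on the way in; rows that already contain backslashes still need the one-time `stripslashes()` cleanup described earlier in the thread.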
