Using addslashes() function (SQL injection prevention?)

Good Day phphelp, I need some idea of how to use the addslashes function, or the proper way of using it.

I am currently studying how to make a basic form with security. I want to know what the ways of preventing SQL injection for a comment area are, something like this:

index.php
[php]<form method="post" action="check.php">
    Add Slashes<br />
    Name: <input type="text" name="name" /><br />
    <textarea name="comment" maxlength="200"></textarea><br />
    <input type="submit" value="Submit" />
</form>[/php]

check.php
[php]<?php
$name = $_POST['name'];
$comment = $_POST['comment'];
// escape quotes and backslashes in the comment before using it
$comment = addslashes($comment);

echo $name;
echo "<br />";
echo $comment;

?>[/php]

Don't mind the name. I set the comment area to a maximum of 200 characters (the user can only input 200 chars).

If I use the addslashes() function, is it enough for SQL injection prevention?

What if I want users to input special characters like < (less than) and > (greater than)?

Example1

I input a text (in the comment area):

This is a “” I want this text to be displayed

output:

This is a “” I want this text to be displayed

How can I properly display “”?

Example2

input:

output:

The output is blank. How can I display any characters entered by the user and at the same time prevent SQL injection?

Are there any other techniques?

Regards :slight_smile:

Just my opinion, but your time would be better spent learning about prepared statements http://us1.php.net/manual/en/mysqli.quickstart.prepared-statements.php rather than adding and removing slashes. Unless you are editing a lot of legacy code I personally don't see the need for it, for using prepared statements will take care of 99 percent of the SQL injection concerns.
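As an added illustration of that advice (example code, not from either poster), here is the check.php from the question rewritten with a mysqli prepared statement in place of addslashes(), and with output escaped for HTML so that characters such as < and > are displayed literally. The `comments` table, its columns and the connection credentials are assumptions.

```php
<?php
// Added example: check.php using a prepared statement instead of addslashes().
// The `comments` table and the connection credentials are assumed placeholders.
$name    = $_POST['name']    ?? '';
$comment = $_POST['comment'] ?? '';

// Enforce the 200-character limit on the server as well; the maxlength
// attribute on the textarea is only a convenience and is easy to bypass.
if (mb_strlen($comment) > 200) {
    http_response_code(400);
    exit('Comment must be 200 characters or fewer.');
}

$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
if ($mysqli->connect_error) {
    exit('Database connection failed.');
}

// The SQL text contains only placeholders; the user's values are sent
// separately, so quotes, backslashes or SQL keywords inside $comment are
// treated as data and can never change the structure of the statement.
$stmt = $mysqli->prepare('INSERT INTO comments (name, comment) VALUES (?, ?)');
$stmt->bind_param('ss', $name, $comment);
$stmt->execute();
$stmt->close();

// Displaying the values is a different context from storing them: escape for
// HTML here so <, >, " and & show up as typed instead of being parsed as
// markup. This is what makes the "blank output" in Example2 appear, and it
// also prevents stored XSS.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
echo "<br />";
echo htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
```

Note that no slashes are added or stripped anywhere: the database receives the raw comment and the browser receives the HTML-escaped one.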

Thanks for the advice Mr.Strider64, I will take time to read this :slight_smile:
