Known Participant
May 23, 2012
Question

removing slashes


How do I remove slashes when using mysql_real_escape_string?

When I put the text into the SQL db, then return it, I get: "This isn\'t text."

How would I return this without the "\"?


2 replies

Rob Hecker2
Legend
May 23, 2012

Bregent is correct, but an ultimately better solution is to use PDO prepared statements and NOT use mysql_real_escape_string. Prepared statements provide better protection, protection for more than just quotes, and eliminate the need to convert the text back and forth.

Known Participant
May 23, 2012

Ok. How would I apply it to a variable? Not familiar with this method. Can you run it through like a function, like clean($variable)?

Rob Hecker2
Legend
May 23, 2012

You should abandon the old MySQL connection method and use PDO or SQLi instead. At least start getting familiar with one or the other and stop using the old method for new work. So the connection string you use is different. For instance, here is what I use on my local server:

<?php
$dsn = 'mysql:dbname=website_1;host=localhost;port=3306';
$user = 'root';
$password = '';
try {
    $dbh = new PDO($dsn, $user, $password);
    $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // throw PDOException on errors
    $dbh->exec('SET NAMES utf8');
    $dbh->exec('SET CHARACTER SET utf8');
    $dbh->exec('SET character_set_server=utf8');
}
catch (PDOException $e) {
    die('Connection failed: '.$e->getMessage());
}

Then, to insert into the table using prepared statements is like this:

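$response = ''; // defined up front so the check below is safe when the insert succeeds
$sql = $dbh->prepare("INSERT INTO pages SET
    main_photo=:main_photo");
$sql->bindValue(":main_photo", $main_photo); // bound as data, not spliced into the SQL text
try {
    $sql->execute() or $response = "<p style='color:red'>INSERT FAILED!</p>";
} catch (PDOException $e) {
    echo $e;
}
if ($response) {
    echo $response;
}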

So the above is just to show you what the code looks like. Can't teach you how to use PDO in a forum post, but there are lots of tutorials on the web. I also got an ebook called "Learning PHP Data Objects".

. . .or you may decide to go the SQLi route. You can also do prepared statements, and a lot else, with SQLi.

One of the things I love about PDO is the error reporting and handling. Note that line 4 of the code above defines the error mode, which for the testing environment is verbose. For your production environment you simply set the errormode to silent, so website users don't see all the info that you need when you debug.
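The round trip from the original question, as an added example that is not code from any poster in this thread: text containing quotes and backslashes is stored and read back through bound parameters, with no mysql_real_escape_string on the way in and no stripslashes() on the way out. An in-memory SQLite database stands in for the MySQL server so the script runs offline; the `body` column and the `savePage`/`loadPage` helpers are assumptions made for the illustration.

```php
<?php
// Added example: in-memory SQLite replaces the thread's MySQL DSN (assumption).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On MySQL, PDO emulates prepares by default; to let the server bind instead:
// $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$dbh->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT)');

// Hypothetical helper: store text exactly as given, return the new row id.
function savePage(PDO $dbh, string $body): int
{
    $stmt = $dbh->prepare('INSERT INTO pages (body) VALUES (:body)');
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $dbh->lastInsertId();
}

// Hypothetical helper: fetch the stored text, or null if the id is unknown.
function loadPage(PDO $dbh, int $id): ?string
{
    $stmt = $dbh->prepare('SELECT body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $body = $stmt->fetchColumn();
    return $body === false ? null : (string) $body;
}

// Constructed sample inputs: an apostrophe, double quotes, literal backslashes.
$samples = [
    "This isn't text.",
    'She said "hello" and left.',
    'C:\\temp\\notes.txt',
];

foreach ($samples as $text) {
    $id = savePage($dbh, $text);
    $stored = loadPage($dbh, $id);
    // The value comes back byte-for-byte identical: nothing to strip.
    $status = ($stored === $text) ? 'unchanged' : 'ALTERED';
    // Escaping for display is a separate step, done for the output context (HTML here).
    echo $status, ': ', htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

There is no `clean($variable)` step in this flow: the bound value travels separately from the SQL text, so the only escaping left is `htmlspecialchars()` at the point where the text is written into a page.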

Participating Frequently
May 23, 2012

Use stripslashes()