Jerry, you set me straight. mysql_escape_string() did the trick. I
had read about it at the mysql site but couldn't fathom it - especially
when they start talking about magic quotes.
Can I please apologise to you and other polite posters for the other
flaws in my sample. This is the poor form of a php newbie.