View Full Version : need a more efficient way to 86 '


sftl99
08-04-2005, 09:11 PM
So, right now I'm having to use str_replace(...); to make sure I don't have any errors with apostrophes, but I have to put it on every field... there's got to be a better way... please help.
$id = $_REQUEST['id'];
$Comments = $_REQUEST['Comments'];
$Comments = str_replace("'","''", $Comments);

$results = mysql_query( $query );

$query = "INSERT INTO......

angst
08-04-2005, 09:14 PM
I'm not sure what you mean, put it in every field,
couldn't you just make a function for this??

sftl99
08-04-2005, 09:23 PM
In other words, I have...

$Comments = $_REQUEST['Comments'];
$Comments = str_replace("'","''", $Comments);
$FirstName = $_REQUEST['FirstName'];
$FirstName = str_replace("'","''", $FirstName);
$LastName = $_REQUEST['LastName'];
$LastName = str_replace("'","''", $LastName);
$Comments2 = $_REQUEST['Comments2'];
$Comments2 = str_replace("'","''", $Comments2);

There's got to be a way to avoid having to put the str_replace on every "field" (as I'm calling it) and also, what if there are other characters that mess up the data input, like " or ` or something (I don't actually know if those characters cause errors)?

FYI if you couldn't already tell, this is the code for the actual submitting to the database, it's not on the form page...perhaps that's where my issue lies.

Brandoe85
08-04-2005, 09:35 PM
Look at htmlspecialchars() (http://us3.php.net/htmlspecialchars). I believe there are some functions people have posted in the notes at the bottom that might be useful to you.

Good luck
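
Added example, not part of the original thread: the question above (one escaping call per field, plus uncertainty about `"` and backticks) goes away when the values are bound as parameters to a prepared statement instead of being pasted into the SQL string. The table name `feedback` and the helper `insertRow()` are hypothetical, and the sketch assumes PDO with the SQLite driver so it runs offline; the column names are the fields shown in the thread.

```php
<?php
// Added example (not from the thread). "feedback" and insertRow() are
// hypothetical names; the columns are the fields shown in the thread.
// In-memory SQLite keeps it offline; for MySQL only the PDO DSN changes.

function insertRow(PDO $db, string $table, array $allowedColumns, array $input): int
{
    // Column names cannot be bound as parameters, so they come from a fixed
    // allow-list in the code, never from the request itself.
    $row = [];
    foreach ($allowedColumns as $col) {
        $row[$col] = isset($input[$col]) ? (string) $input[$col] : '';
    }
    $placeholders = implode(', ', array_fill(0, count($row), '?'));
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        $table, implode(', ', array_keys($row)), $placeholders);

    // Values travel separately from the SQL text, so no str_replace or
    // manual quoting is applied to any field.
    $stmt = $db->prepare($sql);
    $stmt->execute(array_values($row));
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, FirstName TEXT,
           LastName TEXT, Comments TEXT, Comments2 TEXT)');

// Constructed input standing in for $_REQUEST.
$request = [
    'FirstName'  => 'Conan',
    'LastName'   => "O'Brien",
    'Comments'   => 'He said "it\'s fine" and typed a ` backtick',
    'Comments2'  => "x'); DROP TABLE feedback; --",
    'unexpected' => 'dropped because it is not in the allow-list',
];

$fields = ['FirstName', 'LastName', 'Comments', 'Comments2'];
$id = insertRow($db, 'feedback', $fields, $request);

// Read the row back and compare it with what was submitted.
$check = $db->prepare('SELECT LastName, Comments, Comments2 FROM feedback WHERE id = ?');
$check->execute([$id]);
$stored = $check->fetch(PDO::FETCH_ASSOC);
foreach ($stored as $col => $value) {
    var_dump($col, $value === $request[$col]);
}
```

htmlspecialchars() encodes text for HTML output, so it belongs where the stored values are later displayed on a page, not in the insert path.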