I think the solution below is a better and safer approach. replace addslashes() with mysql_real_escape_string() $_sess_id_set = ( empty($_sess_id_set) ) ? NULL: mysql_real_escape_string($_sess_id_set);