Hi all,
I have a question about mysql_real_escape_string. Is it just used for login scripts, or is it also used for inserting data into a database? My problem is this:
$connection = mysql_connect("*****", "*****", "*****");
$database_select = mysql_select_db("*****", $connection);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$firstname = stripslashes($firstname);
$firstname = mysql_real_escape_string($firstname);
$lastname = stripslashes($lastname);
$lastname = mysql_real_escape_string($lastname);
echo "<p>" . $firstname . "</p>";
echo "<p>" . $lastname . "</p>";
Now if I type quotation marks and so on, the function works fine and it escapes them, but if I update the database using these newly cleaned variables, the slashes are not there! I would use code like the following to update:
$connection = mysql_connect("*****", "*****", "*****");
$database_select = mysql_select_db("*****", $connection);
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$firstname = stripslashes($firstname);
$firstname = mysql_real_escape_string($firstname);
$lastname = stripslashes($lastname);
$lastname = mysql_real_escape_string($lastname);
$result = mysql_query("INSERT INTO members(firstname, lastname) VALUES ('$firstname', '$lastname')", $connection);
Can you see any mistakes as to why it echoes fine but doesn't update the database with the escaped version?
Thanks,
Anthony
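
An added example, not part of the original post: it shows that escape characters exist only in the SQL text, are consumed by the SQL parser, and never reach the stored column, and that a prepared statement stores the same bytes with no manual escaping. Assumptions: PHP with the pdo_sqlite extension, an in-memory SQLite database standing in for the MySQL server, PDO::quote() standing in for mysql_real_escape_string() (SQLite doubles the quote instead of adding a backslash, but the escape is consumed the same way), and constructed sample names.

```php
<?php
// Added example: in-memory SQLite via PDO (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');

// Constructed sample values standing in for $_POST['firstname'] / $_POST['lastname'].
$firstname = 'Anthony "Tony"';
$lastname  = "O'Brien";

// 1) Escape for a SQL string literal. PDO::quote() plays the role of
//    mysql_real_escape_string() here and also adds the surrounding quotes.
$sql = 'INSERT INTO members (firstname, lastname) VALUES ('
     . $pdo->quote($firstname) . ', ' . $pdo->quote($lastname) . ')';
echo "SQL text sent: $sql\n";   // the escaping is visible in the query text only
$pdo->exec($sql);

// 2) Prepared statement: the values are bound separately from the SQL text,
//    so there is nothing to escape and nothing to strip afterwards.
$stmt = $pdo->prepare('INSERT INTO members (firstname, lastname) VALUES (?, ?)');
$stmt->execute([$firstname, $lastname]);

// Both rows hold the original, unescaped values: the parser consumed the
// escape characters while reading the string literal in step 1.
$rows = $pdo->query('SELECT firstname, lastname FROM members ORDER BY id')
            ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $i => $row) {
    $same = ($row['firstname'] === $firstname && $row['lastname'] === $lastname);
    echo 'row ' . ($i + 1) . ' stored unchanged: ' . ($same ? 'yes' : 'no') . "\n";
}

// SQL escaping is the wrong encoding for HTML output. When printing a value
// into a page, encode it for HTML instead of reusing the SQL-escaped string.
foreach ($rows as $row) {
    echo '<p>' . htmlspecialchars($row['firstname'], ENT_QUOTES, 'UTF-8') . "</p>\n";
    echo '<p>' . htmlspecialchars($row['lastname'], ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```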