Why are escape characters being added to the value of the hidden input

Answer 1

Most probably you hav magic_quotes_gpc enabled on your server. This configuration option and feature is deprecated in php5.3. Until you upgrade:

if (get_magic_quotes_gpc()) {
    set_magic_quotes_runtime(0);
    foreach (array('POST', 'GET', 'REQUEST', 'COOKIE') as $gpc)
        $GLOBALS["_$gpc"] = array_map('dequote', $GLOBALS["_$gpc"]);
}

function dequote($v) {
        return is_array($v) ? array_map('dequote', $v) : stripslashes($v);
}

The above solution is based on someone's code i've found somewhere a few years ago.