mysql_real_escape_string() leaving slashes in MySQL

Question

I just moved to a new hosting company and now whenever a string gets escaped using:

mysql_real_escape_string($str);

the slashes remain in the

Answer 1

Function below will correctly remove slashes before inserting into the database. I know you said magic quotes isn't on but something is adding slashes so try the following page and see the output. It'll help figure out where. Call with page.php?var=something-with'data_that;will`be|escaped

You will most likely see number three outputting more slashes than needed.

*Change the db details too.

";
echo "2: ".stripslashes($var)." :2
";
echo "3: ".mysql_real_escape_string($var)." :3
";
echo "4: ".quote_smart($var)." :4
";


function quote_smart($value)
{
    // Stripslashes is gpc on
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote if not a number or a numeric string
    if ( !is_numeric($value) )
    {
        $value = mysql_real_escape_string($value);
    }
    return $value;
}

?>