这听起来像 Magic Quotes 。

检查是否实际启用：

  echo get_magic_quotes_gpc（）; 
 

要禁用，请编辑您的php.ini文件：

 ;魔术报价
; 

;传入GET / POST / Cookie数据的魔术报价。 
 magic_quotes_gpc = Off 

;运行时生成数据的魔术引用，例如来自exec（）等的SQL数据。
 magic_quotes_runtime = Off 

;使用Sybase风格的魔术引号（用''代替\'转义'）
 magic_quotes_sybase = Off 
 

或将此行添加到.htaccess：

  php_flag magic_quotes_gpc Off 
 

I'm quite frustrated. I want to be able to insert into my database names with single quotes - for example, O'Connor.

So, when inserting into the DB, I do:

 $lname = mysql_real_escape_string($_POST['lname']);

And then I insert $lname into the DB.

When it's in the DB, it appears as O\'Connor.

So, if I were to recall that last name in my web application, I will have to use:

 $lname = stripslashes($r["lname"]);

This all seems to work fine. However, I have a search function which will search for last names and display the results. When I search, I have to search for O\'Connor in order to get any results.

You see, after I search, the textbox automatically stores the value of what was just searched for (using sessions). So my code is this:

 $search = mysql_real_escape_string($_GET['search']);
 $_SESSION['search'] = $search;

Like I said before, when I search, I have to use "O\'Connor", and then after I search, the value in the textbox becomes "O\\\\'Connor"

It's been frustrating trying to figure this out. Does anyone know what I'm doing wrong? Thanks!

EDIT:

Here is my php5.ini file, regarding magic quotes:

 ; Magic quotes
 ;

 ; Magic quotes for incoming GET/POST/Cookie data.
 magic_quotes_gpc = On

 ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
 magic_quotes_runtime = Off

 ; Use Sybase-style magic quotes (escape ' with '' instead of \').
 magic_quotes_sybase = Off

However, my site is hosted on GoDaddy, and I do not have permissions to edit the file :(

It sounds like Magic Quotes are enabled in your PHP configuration.

To check if it's actually enabled:

echo get_magic_quotes_gpc();

To disable, edit your php.ini file:

; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off

Or add this line to your .htaccess:

php_flag magic_quotes_gpc Off