mysql_real_escape works locally but not remote

Question

When using mysql_real_escape_string on my local MAMP setup it works fine. Example when I enter "test" into a text field it appears \"test\".

When I publish this to the remote server it does not seem to be escaping the string. "test" appears as "test" in the database.

I have already made sure there is a connection open before escaping.

Example code:

    global $db,$db_table_prefix; 

    mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
    mysql_select_db("test") or die(mysql_error());

    $title = mysql_real_escape_string($_POST['title']);
    $content = mysql_real_escape_string($_POST['content']);

It saves fine to the correct database and what not but just does not seem to be adding the \'s.

Answer 1

magic_quotes might be enabled on your local server. You would need to disable them.

More about disabling magic_quotes: http://www.php.net/manual/en/security.magicquotes.disabling.php

Answer 2

That is not m_r_e_s's doing, but magic_quotes.
Your local machine has them enabled. Your remote does not. You ought to disable them locally.

Also, you really ought to start using mysqli or PDO.