The application that I was working on was as a WordPress plugin, as it was integrated in WordPress. And it turns out that WordPress (as of current version: 3.8.1) adds slashes (quotes) to GET and POST data on load. And even with PHP > 5.4 and get_magic_quotes_gpc
returning 0
data is still escaped.
The solution is simply to stripslashes
if you use WordPress, but who knows when WordPress will disable such behaviour and your application will have issues again :)
Some links for the issue: