I'm using mysql_real_escape_string()
on every INSERT before anyone asks.
However, I want users to be able to type apostrophes but they come up as back slashes. However, I also want them to be able to use backslashes.
The users are trusted but is it possible to allow these characters whilst also preventing the possibility of an SQL injection?