When using mysql_real_escape_string on my local MAMP setup it works fine. Example when I enter "test" into a text field it appears \"test\".
When I publish this to the remote server it does not seem to be escaping the string. "test" appears as "test" in the database.
I have already made sure there is a connection open before escaping.
Example code:
global $db,$db_table_prefix;
mysql_connect($db_host, $db_user, $db_pass) or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$title = mysql_real_escape_string($_POST['title']);
$content = mysql_real_escape_string($_POST['content']);
It saves fine to the correct database and what not but just does not seem to be adding the \'s.
magic_quotes might be enabled on your local server. You would need to disable them.
More about disabling magic_quotes: http://www.php.net/manual/en/security.magicquotes.disabling.php