
PHP/MySQL: How to verify properly escaped data?


Well, on my php pages I am escaping in this manner:

$title = "Jack's Long 'Shoes'";
// needs an open mysql_connect() link; result for this input is Jack\'s Long \'Shoes\'
$title = mysql_real_escape_string($title);
// the value list must be parenthesised: VALUES (...)
$go = mysql_query("INSERT INTO titles (title) VALUES ('$title')");

Then when I view this data via phpmyadmin, the data appears as it was before it was escaped, i.e. Jack's Long 'Shoes'

I was under the impression that it would look like: Jack\s Long \Shoes\

Are the slashes supposed to actually be printed inside the mysql database field?


Solution

  • No. The escapes vanish once they pass into the data tables. That's the whole point of escaping data - it's like stuffing a letter into an envelope. The letter stays in the envelope (escaped) during its journey through the postal system. Once it gets to its destination (the database storage medium), it's removed from the envelope and stored in its original form.

    If the escaping (envelope) was stored along with the letter, you'd have to UNESCAPE (open the envelope) it each time you pulled the letter out of the database.

    For databases, the escaping serves to "hide" SQL metacharacters from the query parser. Once the data's passed through the parser and has been written into the DB, the escapes are no longer necessary. The db's own internal handlers know what is data and what is SQL commands, so the artificial divisions created by the escapes are no longer necessary at that point.
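The envelope analogy above, and the check the question is really asking for, can be seen in a short script. This is an added example, not code from the question or the answer: it uses PDO with an in-memory SQLite database (pdo_sqlite extension assumed) so it runs without a MySQL server, and the sample title is constructed for the demo. PDO::quote() plays the role of mysql_real_escape_string(): for this driver it doubles the quotes (SQLite style) rather than adding backslashes the way MySQL does for `Jack\'s Long \'Shoes\'`, but in both cases the escape characters exist only in the query text and are consumed by the parser. The second insert uses a prepared statement, where the value never enters the query text at all. Reading the rows back and comparing them with the original string is how you verify the data was escaped correctly: a stored backslash or doubled quote would mean it was escaped twice.

```php
<?php
// Added example (not from the original post). Shows that escape characters are
// consumed by the SQL parser and never reach the stored value, and how to verify it.
// Assumes the pdo_sqlite extension; the sample title below is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE titles (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

$original = "Jack's Long 'Shoes'";

// 1. Manual escaping, the way the question does it. PDO::quote() returns the
//    value already wrapped in quotes, with embedded quotes escaped for this driver.
$escaped = $pdo->quote($original);      // query text sees: 'Jack''s Long ''Shoes'''
echo "Query text sees: $escaped\n";
$pdo->exec("INSERT INTO titles (title) VALUES ($escaped)");

// 2. A prepared statement: no escaping at all, the value is sent separately
//    from the query text, so the parser never has to tell data from SQL.
$stmt = $pdo->prepare('INSERT INTO titles (title) VALUES (:title)');
$stmt->execute([':title' => $original]);

// 3. Verification: read both rows back and compare them with the original.
//    A match means the escaping was stripped by the parser, as it should be;
//    a stored backslash or doubled quote would indicate double escaping.
foreach ($pdo->query('SELECT id, title FROM titles ORDER BY id') as $row) {
    $status = ($row['title'] === $original) ? 'matches original' : 'MISMATCH';
    printf("row %d stored as: %s -> %s\n", $row['id'], $row['title'], $status);
}
```

Run it with `php verify_escaping.php` (any filename works); both rows print `matches original`. The same read-back comparison applies against MySQL with mysqli or PDO_MySQL: what phpmyadmin shows you is the parsed value, so seeing `Jack's Long 'Shoes'` there is the correct outcome.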