Anything in here that would escape string (PHP)

$_GET['search'] = ucfirst(strtolower(str_replace("_"," ",urldecode($_GET['search']))));

For some reason it's adding slashes into the string similar to mysqL_escape_string, anyone got any ideas what would be causing it?开发者_运维知识库

You have most probably magic_quotes_gpc set to on in php.ini. If you want to avoid that, make a check like this:

if (get_magic_quotes_gpc())
{
   $mytext = stripslashes($your_text);
}

// and your further code....

Check to see if magic_quotes_gpc is enabled on your server. If this is enabled, PHP automatically escapes anything from _GET _POST or _COOKIES.

See: http://php.net/manual/en/security.magicquotes.php

It sounds like magic_quotes_gpc is turned on. You can get the setting with get_magic_quotes_gpc().