That's referred to as a directive magic_quotes_sybase.
Disabling the magic_quotes_gpc directive is an option, but its one I don't like to rely on (some sites may not allow .htaccess or ini configuration changes by individuals on shared hosting). Hence the use of the array_map. The documentation indicates that sybase does respect the addslashes/stripslashes directives, so if you have It''s and issue a stripslash with sybase enabled, than it should convert it back to It's.
Its somewhat rare to have the sybase on (perhaps its a windows machine since that's useful for some of the SQLServer escaping), but another one to disable is the magic_quotes_runtime (which I also find somewhat rare to be enabled). So ultimately to do all the above, you can simply do:
PHP Code:
// Take care of magic_quotes_gpc if its enabled (ini per-dir only, so cannot disable at runtime)
if (get_magic_quotes_gpc())
{
$_POST = array_map('stripslashes', $_POST); // or list each individually or write a recursive function as well ($_FILES is handled *slightly* differently for example)
}
// Stop external resource from escaping:
ini_set('magic_quotes_runtime', 0); // ini all.
Then keep going. Sybase carries no value without either magic_quotes_gpc or magic_quotes_runtime in use.
Fortunately, all three of these directives are gone as of 5.4. The function still remains, and I hope it will until at least PHP 7, but returns false guaranteed as of 5.4. This is good though as I don't like checking for ini_get on it since the ini parser accepts 1, on and true as valid values, but boolean will not deal with the 'on' string. That only happens when set to 'on' via .htaccess, it ends up as 1 if 'on' is used in php.ini.