I am really confused...
My site is hosted by a large ISP who controls the version of MySQL and PHP. I am a novice PHP / MySQL programmer. I have a much deeper knowledge of HTML but am doing more and more with PHP and MySQL. I have been using a book called "PHP and MySQL Web Development" from 2009. That book tells me that I should "escape" all text user input fields using a set of "magic_quotes_gpc" commands. But after having problems implementing these "magic_quotes" in my code, I looked at the official PHP manual online, and it says that these "magic_quotes" commands are not only deprecated, but are actually removed from the most recent versions.
It is my understanding that I needed to run these commands to "escape" any characters (like quote, single quote, comma, &, etc.) that might cause a security issue (someone compromises SQL commands by encapsulating these characters in user input). So I don't know what to do now if these are no longer used.
What is the correct way to "escape" user input? I have input that will have these types of characters in it so I want to preserve it ... (database of Presentations and users will have these characters in their Presentation Title, Presentation Description, etc.) What is the appropriate way to handle this type of input if my book is wrong and "magic_quotes" are no longer used?