On a high quality self-marketing blog that I manage, when someone would add a comment that included an apostrophe, the apostrophe would populate on the page with a backslash behind it.

From ‘ to /’ every time.

I could manually edit these in the WordPress backend, or even use a search and replace plugin on the comment fields in the WP database, but come on, this is wordpress. I want a plugin or an easy piece of code that can fix it.

Unfortunately, this issue does not exist solely inside of the WordPress core, or  it would be resolved with an upgrade. It also is not an issue caused solely by any one plugin, although deactivating your plugins can lead you to find out which plugin is contributing to the error.

The real problem is the way that some plugins interact with your SQL Database.

One site, with one host, with a specific set of plugins will not manifest this issue, where apostrophes add unwanted backslashes in WordPress. Sometimes it’s in the Comments field, sometimes it’s in the post copy, and sometimes it’s in the titles.

When my problem (which came from a Mailchimp-signup-in-the-comments plugin) started showing up in the titles of my posts, I knew it was time to brave the searches once again, and defeat this issue once and for all.

The difficulty with finding an answer to the backslash-apostrophe WordPress problem is that the search results for this problem provide answers to problems way back in WordPress 2.3, referencing plugins that are no longer active, and MySQL Database hacks that are no longer applicable, due to upgrades in the WordPress core, PHP, and Apache over the past few years.

I had to research this issue multiple times to finally find a piece of recent code that worked for me.

The backslash-apostrophe answer: stripslashes.

I had tried some stripslashes code before, to no avail; finally, I found this piece of code in the WordPress codex and put it into functions.php:

if ( get_magic_quotes_gpc() ) {
$_GET = stripslashes_deep($_GET );
$_POST = stripslashes_deep($_POST );
$_COOKIE = stripslashes_deep($_COOKIE);
}

The codex offers an explanation and a caveat:

The existence of magic quotes has been a headache for many PHP composers. Future versions of PHP may very likely deprecate them. Code will, however, need to continue to work around them as long as PHP4 and PHP5 remain in use.
Please Note: On any page load where WordPress itself loads, the above example will be unreliable. Very early in its execution, WordPress intentionally adds “magic quotes” for the sake of consistency. This is regardless of the return of get_magic_quotes_gpc(). Core code, and plugins all over, expect the values of $_REQUEST etc to be escaped.

Search and Replace ‘Backslash Apostrophe’ for ‘Apostrophe’

Although this method will prevent any future apostrophes from rendering with backslashes, all the current “/'” entries still exist in the blog.

I used a search and replace plugin that can run on your ENTIRE wordpress database. Be careful to run this plugin ONLY on post content, comments, and titles; replacing backslashes in your code would not be a good idea.

Stripping slashes in php

PHP.net offers two methods of disabling magic quotes: one from the server side, and one at runtime.

Although I have not tried these solutions, here are some other options:

Disabling magic quotes in .htaccess file:

php_flag magic_quotes_gpc Off

Disabling magic quotes on your server

In php.ini, paste this code:

; Magic quotes;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ‘ with ” instead of \’).
magic_quotes_sybase = Off

Disabling magic quotes during page load:

<?php
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
?>

For more information on why magic quotes sucks, read the article on Wikipedia.