Quick question on escaping data into a MySQL database


SomePerson6

11:12 pm on Dec 22, 2008 (gmt 0)




Hi,

I've been reading up on the correct way to go about escaping data entered into a database from the $_POST variable, but am in need of a bit of clarification.

I have the following piece of code which takes a user submitted name and enters it into a database:

$user = mysql_real_escape_string($_POST["user"]);

mysql_query("INSERT INTO accounts (date, name, stats)
VALUES ('Jan 1', '$user', '546065')")
or die(mysql_error());


As a test, I typed in the following to be submitted as my username:
Joe's Name

After taking a peek in the database using phpMyAdmin, here is what it got inputted as:
Joe\'s Name

I've been reading up on escaping data, and apparently it's not good practice to have the escaped slashes appearing directly within the database? If so, then how do I process data insertions without filling my database with so many ugly escaped "/" marks, while still maintaining the security gained from using mysql_real_escape_string()?

Or am I already doing it the correct way and it's just normal to have a database filled with the escaped slash marks?

Note: Magic quotes are Off.

Advice would be greatly appreciated, thanks! :)

Sekka

9:42 am on Dec 23, 2008 (gmt 0)




Are you 100% sure magic_quotes are off?

This is the only thing I can think of that will double up escaping causing your problem. Tried echoing $user to see exactly what is being placed into the SQL statement?
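As an added example (not the poster's or Sekka's code; it assumes a mysqli connection with placeholder credentials and the `accounts` table from the post), the following PHP shows why the backslash appears in the SQL statement but should not appear in the stored row, strips magic-quotes slashes when that setting is on, and does the same insert as a prepared statement so there is no escaping step at all:

```php
<?php
// Added example (not the poster's code). Assumes a mysqli connection to a
// database holding the poster's `accounts` table; credentials are placeholders.
// Undo magic_quotes_gpc if it is on, so the value is escaped exactly once.
// get_magic_quotes_gpc() no longer exists in PHP 8, hence the guard.
function rawInput(string $value): string
{
    $magic = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// Manual escaping as in the post. Returns the statement so it can be echoed:
// the literal reads 'Joe\'s Name', and the server drops that backslash when it
// parses the literal, so the column holds Joe's Name with no backslash.
function insertWithEscape(mysqli $db, string $name): string
{
    $escaped = $db->real_escape_string($name);
    $sql = "INSERT INTO accounts (date, name, stats) "
         . "VALUES ('Jan 1', '$escaped', '546065')";
    if (!$db->query($sql)) {
        throw new RuntimeException($db->error);
    }
    return $sql;
}

// Same insert as a prepared statement: the value never enters the SQL text,
// so there is nothing to escape and nothing that can be escaped twice.
function insertPrepared(mysqli $db, string $name): void
{
    $stmt = $db->prepare(
        "INSERT INTO accounts (date, name, stats) VALUES ('Jan 1', ?, '546065')");
    $stmt->bind_param('s', $name);
    if (!$stmt->execute()) {
        throw new RuntimeException($stmt->error);
    }
}

// Count rows whose stored name equals the raw (unescaped) value.
function countStored(mysqli $db, string $name): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM accounts WHERE name = ?");
    $stmt->bind_param('s', $name);
    $stmt->execute();
    return (int) $stmt->get_result()->fetch_row()[0];
}
$db   = new mysqli('localhost', 'db_user', 'db_pass', 'db_name');
$name = rawInput($_POST['user'] ?? "Joe's Name"); // constructed test input
echo insertWithEscape($db, $name), "\n";          // shows 'Joe\'s Name' in the SQL
insertPrepared($db, $name);
echo countStored($db, $name), " row(s) stored as: $name\n";
```

If the stored row still shows a backslash after this, the input arrived already escaped (magic quotes or a second escaping layer), which is exactly what echoing the statement text makes visible.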