secure function - mysql_real_escape_string

arrangements

Hey I have this form and I run it through a secure function:

function isSecure($string)
{
	$string = strip_tags($string);
	$string = htmlspecialchars($string);
	$string = trim($string);
	$string = stripslashes($string);
	$string = mysql_real_escape_string($string);
	return $string;
}

But I can't figure out why this happens when I submit something like this into my profile edit form:

now it works here @#$%^&*()

Why does this\' happen but this doesn\'t:
"HERE"

As you can see it add's slashes to the ' but not to the ". I want to remove those .

Himegoto

use the view source on your browser and look at the code returned. do the double quotes " show up as " ? You used htmlspecialchars before mysql_real_escape so thats what I'm betting is coming up, which is why it doesn't need to be escaped with a \