It's a very common issue when dealing with PHP to see escaped quotes from POST or GET data. For example, your input of Max's test input would escape with a slash before the apostrophe. once sent to the server. The following function will loop through an array and apply the stripslashes() function to every piece of data, recursively looping through each array inside of your array:
foreach ( $theArray as &$v ) if ( is_array($v) ) $v = array_stripslash($v); else $v = stripslashes($v);
$_POST and $_GET
You can use this on ANY array, but the most common use for a function like this would be for POST and GET data. If you would like to run this automatically on your $_GET and $_POST data, you may do the following:
if ( !empty($_POST) ) $_POST = array_stripslash($_POST);
I use if ( !empty($_GET) ) to verify that $_POST and $_GET are set arrays. If we do not use this, we might see a minor error or warning from PHP's end, so let's just play it safe.
NOTE: ALWAYS SANITIZE YOUR DATA before running it inside of a mysql_query. If you use PDO, you will be fine - otherwise, toss some form of validation on it - the above function and script will remove your basic basic level of protection. Code safe, kids!
Questions, comments, concerns?