This question is something simple that's bugged me for a few years now, not sure why just never really looked into fixing it and it's been a present issue on the site. At the moment I have magic quotes on and escape all input data that is used in queries with mysql_real_escape_string. In my scenario is it safe for me to turn off magic quotes? The site works fine at the moment but sometimes user's comment will have /' for example and it doesn't look very professional.
Yes, that should be done asap as magic quotes is no longer recommended, compared to mysql_real_escape_string() it misses some functionality.
Magic quotes is disabled by default in PHP 6, I believe. They're deprecated right now, though, which means that using them is not recommended.