magic_quote problem.. and help me add HASH.... [URGENT!!!!]

Besides that i have problem with magic_quote..

when i post Jingle's Bells
it will show :Jingle\\\'s Bells
so anyone have any idea?

----------------------------------------------------------------------------
and anyone have a code for [register page , reset password , comfimation mail?]
or help me edit this...just only help me implemed HASH.. you ca use MD5/SHA1

if($_POST['create_account']){
    if(!$_POST['accept_terms']) $smarty->assign("error_terms", err_accept_terms);
    else if(!$_POST['username']) $smarty->assign("error_username", err_choose_username);
    else if(!preg_match('/^[a-zA-Z0-9]+$/', $_POST['username'])) $smarty->assign("error_username_chars", err_username_chars);
    else if(user_exists($_POST['username'])) $smarty->assign("error_username", err_account_exists);
    else if(!$_POST['pass1'] || $_POST['pass1'] != $_POST['pass2']) $smarty->assign("error_pass", err_password_mismatch);
    else if(!email_ok($_POST['email'])) $smarty->assign("error_email", err_email_incorrect);
    else if($_POST['code1'] != $_POST['code2']) $smarty->assign("error_code", err_invalid_code);
    else if(email_exists($_POST['email'])) $smarty->assign("error_email", err_email_exists);
    else {
        if($_POST['visible']) $visible = 1; else $visible = 0;
        $db = new database;
        $db->dblink();
        $id = $db->db_insert("users", "time, username, pass, email, visible", time().", '{$_POST['username']}', '{$_POST['pass1']}', '{$_POST['email']}', $visible");
        if($id) {
            $rec = $db->get_rec("users", "*", "id=$id");
            $_SESSION['user'] = new user($rec);

            //confirmation email
            $msg = str_replace("#username", $_SESSION['user']->username, confirmation_mail);
            $msg = str_replace("#link", $base_href."welcome/".encrypt($_SESSION['user']->username."###".$_SESSION['user']->pass), $msg);
            mail($_SESSION['user']->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");

            $files = get_files('sample_photos');
            $file = $files[0];
            $old = "sample_photos/$file";

            $parts = explode(".", $file);
            $last = count($parts) - 1;
            $ext = $parts[$last];

            $filename = $_SESSION['user']->id.".".$ext;
            $new = "profile_images/$filename";
            if(copy($old, $new)) $db->db_update("users", "avatar='$filename'", "id={$_SESSION['user']->id}");
            copy($new, "avatars/$filename");
            resize_picture(25, 25, "avatars/$filename", $ext);

            //confirmation email
            //$msg = str_replace("#username", $_SESSION['user']->username, confirmation_mail);
            //$msg = str_replace("#link", $base_href."welcome/".encrypt($_SESSION['user']->username."###".$_SESSION['user']->pass), $msg);
            //mail($_SESSION['user']->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");
            unset($_SESSION['user']);
            $page = "welcome_info";
        } else $error = err_create_account;
    }
    if($page != "welcome_info") {
        $page = "home";
        $smarty->assign("error", $error);
        $smarty->assign("reg", 1);
    }
} //login a user
if($_POST['login']){
    $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=0");
    $how_many = $db->count_recs($result);
    if($how_many != 0) {
        $rec = $db->fetch_objects($result);
        $_SESSION['user'] = new user($rec[0]);
        $_SESSION['user_id'] = $_SESSION['user']->id;
        if($_POST['remember_me']){
            setcookie("login_user", $_SESSION['user']->username, time() + 86400 * 60);
            setcookie("login_pass", $_SESSION['user']->pass, time() + 86400 * 60);
        }
        unset($_SESSION['logged_out']);
        header("Location: profile/{$_SESSION['user']->username}");
    } else {
        $result = $db->get_recs("users", "*", "(username='{$_POST['user']}' or email='{$_POST['user']}') and pass='{$_POST['pass']}' and new=1");
        $how_many = $db->count_recs($result);
        if($how_many != 0){
            //confirmation email
            $recs = $db->fetch_objects($result);
            if(is_array($recs)) foreach($recs as $rec){
                $u = new user($rec);
                $msg = str_replace("#username", $u->username, confirmation_mail);
                $msg = str_replace("#link", $base_href."welcome/".encrypt($u->username."###".$u->pass), $msg);
                mail($u->email, confirmation_subject, $msg, "From: Admin<".CONTACT_MAIL.">");
                $smarty->assign("login_error", err_account_inactive);
            } else $smarty->assign("login_error", err_login_incorrect);
        } else $smarty->assign("login_error", err_login_incorrect);
    }
}

//check if the user is logged in
if($_SESSION['user']){
    $rec = $db->get_rec("users", "id", "username='{$_SESSION['user']->username}'");
    if($rec->id != $_SESSION['user_id']) $_SESSION['user_id'] = $rec->id;
} else {
    //if not logged in but remembered in cookies
    if($_COOKIE['login_user'] && $_COOKIE['login_pass'] && !$_SESSION['logged_out']){
        $rec = $db->get_rec("users", "*", "(username='{$_COOKIE['login_user']}' or email='{$_COOKIE['login_user']}') and pass='{$_COOKIE['login_pass']}'");
        if($rec) $_SESSION['user'] = new user($rec);
        header("Location: profile/{$_SESSION['user']->username}");
    }
    $code = random_string(5);
    $smarty->assign("code", $code);
}

PHP:

 

I didnt look through it all, but create a function to strip slashes or "clean" before entered or echo'd

 

Your best disabling magic quotes and run anything that you sent to the database through mysql_real_escape_string which escapes thing correctly for the characterset you are using.