I always get a \ (backslash) in any variable that I pass through mysql_real_escape_string. For example:
$string = mysql_real_escape_string($_GET['string']);
echo $string; //result : here\'s the text
After doing some research on Google, I found some people saying that this backslash is caused by a server setting that has magic_quotes_gpc turned on, which I have in my configuration too. I see it in my phpinfo(): magic_quotes_gpc = ON
My question is: is it really safe to turn off magic_quotes_gpc?
Because I’m using mysql_real_escape_string to prevent MySQL injection, I’m afraid that turning magic_quotes_gpc off will make my server ‘less powerful’.
It sounds to me like you need to have some fairly basic tuition on these subjects. You’ve clearly been reading up on the internet and following examples, but without actually understanding why the examples are doing what they’re doing, or how they work. Copying examples without understanding them is not a good thing.
So at the core you need some deeper understanding of the topics, which is probably too much for a site like this to provide (SO is more about helping people solve specific problems than teaching them whole subjects, though you will learn a lot from browsing the site).
However, I will address some of your points:
Magic Quotes is an obsolete PHP feature; in fact, it’s been removed entirely from the most recent versions of PHP. Disabling it will not make your server “less powerful”, or anything of the sort. In fact, it is recommended not to use it.
All the functions beginning with mysql_ have also been deprecated and are not recommended any more. The newer alternatives are the mysqli_xxx() functions or the PDO library. If you’re following tutorials using the old functions, you should find a newer tutorial.
The mysql_real_escape_string() function (and the mysqli/PDO equivalents) is intended to add a slash to your string where it finds quote characters or other characters that would cause a SQL statement to be invalid. Finding a slash in your string after running this function is perfectly normal and correct. This is called “escaping” the string (hence the name of the function). The “escaped” version of the string should only be used in the context of building a SQL query.
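As an added illustration (not part of the question or the answer above), the script below reproduces the double-escaping the asker saw and shows the PDO prepared-statement approach the answer recommends. It assumes a PHP build with the pdo_sqlite driver, and uses addslashes() to stand in both for the old magic_quotes_gpc behaviour (gone since PHP 5.4) and for mysql_real_escape_string(), which needs a live MySQL connection.

```php
<?php
// Constructed input, identical to the asker's example value.
$raw = "here's the text";

// magic_quotes_gpc=On used to run addslashes() on every GET/POST/COOKIE value
// before the script saw it. Simulated here so the script runs on any PHP version.
function simulateMagicQuotes(string $value): string {
    return addslashes($value);
}

// Undo the server-side quoting exactly once, and only if it was applied.
// get_magic_quotes_gpc() was removed in PHP 8, so a missing function means "off".
function normaliseInput(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// The modern alternative: the value never touches the SQL text at all,
// so no escaping step (and no magic quotes) is needed.
function insertAndReadBack(PDO $db, string $text): string {
    $db->exec('CREATE TABLE IF NOT EXISTS notes (body TEXT)');
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $text]);
    return (string) $db->query('SELECT body FROM notes LIMIT 1')->fetchColumn();
}

// 1. What the asker observed: the value already carried a slash from magic quotes...
$fromRequest = simulateMagicQuotes($raw);          // here\'s the text
// ...and escaping it again for SQL produces a doubly escaped value. Once MySQL
// unescapes it, the stored row would keep a stray backslash: here\'s the text
$doubleEscaped = addslashes($fromRequest);         // here\\\'s the text
echo "magic-quoted:   $fromRequest\n";
echo "double-escaped: $doubleEscaped\n";

// 2. Normalising first gives the real user text, which is what should be
//    escaped (old API) or bound (PDO). With magic quotes off it is a no-op.
$clean = normaliseInput($fromRequest);
echo "normalised:     $clean\n";

// 3. Prepared statement: the stored value round-trips without any slashes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
echo "stored via PDO: " . insertAndReadBack($db, $raw) . "\n";  // here's the text
```

On a server where magic quotes are genuinely off (any PHP 5.4 or later), normaliseInput() returns its argument unchanged, which is why the answer says disabling the setting loses nothing.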