I am having a problem with magic quotes being disabled when passing and outputting a variable via a session (although magic_quotes are successfully disabled the rest of the time). I am using PHP Version 5.4.3.

Magicquotes (I’ve added the last line re. $_SESSION given that’s what the variable is being passed through, although it was not mentioned in Kevin Yank’s book):-
PHP Code:
<?php
if (get_magic_quotes_gpc())
{
    function 
stripslashes_deep($value)
    {
        
$value is_array($value) ?
            
array_map('stripslashes_deep'$value) :
            
stripslashes($value);
        
        return 
$value;
    }
    
    
$_POST array_map('stripslashes_deep'$_POST);
    
$_GET array_map('stripslashes_deep'$_GET);
    
$_COOKIE array_map('stripslashes_deep'$_COOKIE);
    
$_REQUEST array_map('stripslashes_deep'$_REQUEST);
    
$_SESSION array_map('stripslashes_deep'$_SESSION);
}
?>
Controller ($attraction_name is entered into database so must first be sanitized) (excerpts):-
PHP Code:
include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';

$attraction_name mysqli_real_escape_string($link$_POST['attraction_name']);

session_start();
$_SESSION['message'] = 'THIS ATTRACTION HAS BEEN EDITED:' ' ' $attraction_name;
header('Location:  . ');
exit(); 
Display page:-
PHP Code:
<?php session_start(); if (isset($_SESSION['message'])) { echo $_SESSION['message']; unset($_SESSION['message']); } ?>
If the variable passed through is ‘St Paul’s Cathedral’, then it will output:-
THIS ATTRACTION HAS BEEN EDITED: St. Paul\’s Cathedral
I have also tried creating a variable (having first applied htmlspecialchars) specifically to be output as the session message and using that instead (also to no avail):-
PHP Code:
$attraction_name_session htmlspecialchars($attraction_nameENT_QUOTES‘UTF-8’); 
And passing the below (while it has none of the above problems) would leave it open to hackers given the attraction_name is to be input by users.
PHP Code:
$_POST[‘attraction_name’]; 
Any ideas?