Magic quotes is just a term for where the servers automatically add slashes to superglobals such as $_GET and $_POST.
If it's a song by "Conan O'Brian", you'll find that the web server might add slashes to that, making it "Conan O\'Brian", after which you add slashes with what you're doing, and it's "Conan O\\\'Brian".
The proper way to handle this type of thing is to not escape at the input, but to ensure that it's not escaped at all until it's sent out to different places. The database requires a different type of escape ([mysql_real_escape_string](http://php.net/manual/en/function.mysql-real-escape-string.php)) to that of HTML content ([htmlspecialchars](http://php.net/manual/en/function.htmlspecialchars.php)), which is different from email content (no escaping of plain text), which is different again from a page url ([urlencode](http://php.net/manual/en/function.urlencode.php)).
The problem is that with PHP 5.3, magic quotes are deprecated, and they will be removed completely with version 6.0. So your code needs to either check whether they are being used and do something about it, or preferably, to completely disable magic quotes at the server so that you don't need to do anything special relating to them.
PHP provides full details on [why not to use magic quotes](http://www.php.net/manual/en/security.magicquotes.whynot.php), and on how to go about [disabling magic quotes](http://www.php.net/manual/en/security.magicquotes.disabling.php).
Sanitize the input, escape the output.
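
The double-escaping problem and the escape-on-output approach described above, as an added example that is not part of the original post. It assumes `addslashes()` as a stand-in for what magic quotes did to request data, an in-memory SQLite database through PDO with a bound parameter in place of `mysql_real_escape_string`, and a hypothetical `/search.php` URL.

```php
<?php
// Added example: addslashes() stands in for what magic quotes did to request data.
$raw        = "Conan O'Brian";            // constructed sample value
$fromServer = addslashes($raw);           // escaped once, as the server would deliver it
$doubled    = addslashes($fromServer);    // escaped again by application code: the bug

// Undo the server's slashes exactly once, walking nested arrays such as $_POST['tags'][].
function undo_magic_quotes($value)
{
    return is_array($value)
        ? array_map('undo_magic_quotes', $value)
        : stripslashes($value);
}

// Constructed stand-in for $_POST on a server with magic quotes enabled.
$post   = undo_magic_quotes(array(
    'artist' => $fromServer,
    'tags'   => array(addslashes("rock 'n' roll")),
));
$artist = $post['artist'];                // back to the raw value; keep it raw internally

// Escape only at the point of output, with the function that matches the destination.
$html  = '<td>' . htmlspecialchars($artist, ENT_QUOTES, 'UTF-8') . '</td>';
$link  = '/search.php?artist=' . urlencode($artist);   // hypothetical URL path
$plain = "Now playing: $artist";                       // plain-text email body: no escaping

// Database: assumption - an in-memory SQLite database through PDO, with a bound
// parameter in place of mysql_real_escape_string, so the example runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (artist TEXT)');
$db->prepare('INSERT INTO songs (artist) VALUES (?)')->execute(array($artist));
$stored = $db->query('SELECT artist FROM songs')->fetchColumn();

var_dump($doubled === $raw);   // compares the double-escaped string with the input
var_dump($stored === $raw);    // compares the stored value with the input
echo $html, "\n", $link, "\n", $plain, "\n";
```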