
I'm not a huge fan of the superglobals - but the correct fix here is to use a parameterized query!

I'm not sure which languages you are used to that will somehow magically 'escape' an input string so that it's safe to inject directly into your query in all circumstances. I know I don't want strings from the frontend pre-quoted in any way. I want the string the way the user typed it in!




I'm sad that I had to scroll down this far to get to this response. Any other approach is still not secure, might output strange characters for specific inputs, or both.



