The problem is that these tutorials were written a looong time ago when the default was to have magic quotes switched on which has probably saved thousands of newbie developers apps from being SQL injected. The default is now off.

Of course magic quotes caused problems with excessive escaping in DB fields leading to some developers explicitly de-escaping values before adding them to the DB.