Bypass magic quotes?

Well. I'm looking to use some SQL injection. And the only remaining vulnerable spots (that I've found) are inside double-quotes. (like SELECT * FROM table WHERE username like "$search")

And the stupid old server has magic quotes enabled. The person in charge of this project knows I'm doing this (I'm kinda a beta tester, proving that it's all secure), so I can't use the old "hey admin you should disable magic quotes" trick.

Is there any way to get past those nasty magic quotes? I'm pretty sure it can be done, I'm just not sure how =/

find another hole. Then, edit the php config file :p Is it shared hosting? You could call customer support at the datacenter/shared hosting company and ask them to do it. You'll need information on "yourself," use whois for that and say you forgot your customer id and aren't at a computer with internet access, but your web developer needs the setting changed ASAP (you don't want to give him access to the box more than what he has.)

Heh. What makes me mad is that I used to have another hole, too. But it got plugged before I managed to read up enough on how to abuse it properly with that dumb ol' magic quotes on ><