For some reason the real_escape_string is not working.
Here is a function that doesnt seem to work.

function add_mail(){
    $host = "";
    $user = "";
    $pass = "";
    $database = "";
        //this function assigns correct values to the variables to access the database.
    get_variables_db2($host, $user, $pass, $database);

    $db = new mysqli($host, $user, $pass, $database);
    $first_var = "How is ever'thing?";
    $second_var = "I go tomorrow-- and it will be f'un";
    $third_var ="Hello world.";

    $first_var = $db->real_escape_string($first_var);
    $second_var = $db->real_escape_string($second_var);
    $third_var = $db->real_escape_string($third_var);

    $query = ("insert into mail(title, email, content) values('".$first_var."','".$second_var."','".$third_var."')");
    $result = $db -> query($query);

If it was working, the real_escape_string would convert for example $first_var into:
How is every\'thing?

Right? Well it is not working.

Im using innodb type of database and utf_general_ci charset.
Suggestions please.

THe reason I use real_escape_string is because it is recommended. I can see if I put this up on a commercial server slashes are added, but I think that is because magic quotes are on by default on commercial servers.

I thought real_escape_string would add slashes but it seems it doesnt.