You are right in saying slashes are not inserted into the database (when used to actually escape data), but storage is not the problem. You need to escape data being sent to a database to ensure that it is not tainted; i.e. not doing anything naughty. Consider the following:
There we can see someone passed in a tainted string, the string being:
select `username` from `user` where `column` = 'abc123'; drop table `user`#
We have closed the enclosed string, ended the query with a semi-colon, and then dropped the table. The end is a hash to comment out everything after that to avoid any errors.
abc123'; drop table `user`#
Essentially, you will want to turn off magic_quotes, run ALL user submitted input through mysql_real_escape_string, and run ALL output through htmlentitites() to avoid XSS and the such attacks.
You will want to allow some HTML though, as you mentioned bold, italic, etc tags. This can be achieved via a string formatting plugin. Some are htmlPurifier, and one I recently stumbled across, StringParser_BBCode which is particularly cool.