Disappearing back slashes on MySQL insert

I’m a bit baffled with this one. I have two separate INSERT INTO MySQL queries in different sections of my site. I have coded them the same from what i can tell but one insertes the backslashes into the database while the other does not. I am using OOP for my database queries so that part is exactly the same. If i look at the variables just before i insert them into the database in both scripts they have the backslashes.

This one doesnt insert the slashes into MySQL:

// insert the farm open day information into the database
		$result = $database->query("INSERT INTO farm_open_days
				(open_day_farm_name, open_day_farmer_name, farmer_row_id, open_day_title, open_day_description, open_day_start_date, open_day_start_time, open_day_finish_time)

This one does:

// insert the user into database
		$result = $database->query("INSERT INTO minfarm_users
				(firstname, lastname, email, address01, address02, address03, town, country, postcode, tel01, accepted_tc_and_privacy, password, role, created, tokenhash, salt)
				 '".date('Y-m-d H:i:s')."',

I have checked the database tables and both are set up the same. Same charset, same database storage engine, same field type. Has anyone else come across something like this before?


Ok, just tested my “working” script again. It seems that it doesnt insert the slashes if the form submits the first time without validation error but if their are validation errors and i have to resubmit the form it does add the slashes. Their must be something here that im just not understanding about how to deal with slashes when inserting into a MySQL database?

Whatever the problem is, it’s almost certainly happening somewhere in all the code you haven’t shown us. But just to wager a guess, here are a couple things you can try or keep your eyes open for. First thing to try: don’t concatenate your variables into the SQL string. Use prepared statements. And second thing to keep your eyes open for: anywhere that you use stripslashes. Some scripts will strip slashes from the entire $_GET and $_POST arrays.