$wpdb->update or $wpdb->insert results in slashes being added in front of quotes

Question

This question has been posed a few times in various places, but I haven\'t found a definative and clear answer. Most solutions involve people saying to disable Magic Quotes

Answer 1

WordPress ignores the built in php magic quotes setting and the value of get_magic_quotes_gpc() and will always add magic quotes (even after the feature is removed from PHP in 5.4).

you can use this instead

//replace $_POST with $POST
$POST      = array_map( 'stripslashes_deep', $_POST);
$wpdb->insert( 
        'wp_mytable', 
        array( 
            'field_name'        => $POST['field_name'], 
            'type'              => $POST['type'],
            'values'            => serialize($POST['values']),
            'unanswered_link'   => $POST['unanswered_link'], 
        ), 
        array( 
            '%s','%s','%s','%s'
        ) 
    );

WordPress does this because too much core and plugin code has come to rely on the quotes being there, so disabling quotes on the super globals (as is done in both the "Basic Example" and "Good Coding Practice" examples above) is likely to cause security holes.

http://codex.wordpress.org/Function_Reference/stripslashes_deep