Here step my step how to solve the issue
First
Verify the status of your get_magic_quotes_gpc directive
if (get_magic_quotes_gpc()) echo 'Magic Quotes is enabled'; else echo 'Magic Quotes is disabled'; or check your php.ini via echo phpinfo();
Second
If your magic quotes is ON you will need to use the stripslashes function before you use the mysql_real_escape_string function. Remember both Magic quotes and mysql_real_escape_string add slashes so you do not want to that twice. Some people would say just turn magic quotes off in php.ini, well i prefer not going to my php.ini if i do not have to.
mysql_real_escape_string(stripslashes($_POST['firstname']));
Third
If your magic quote is off you just have to use stripslashes once when you retrieve the data.