I really need to see the PHP/Form code, it could be that the values are being correctly written to the database (can you verify with mysql?) and that when you echo/include the code it's being rendered by the browser.
If you want to PM me the site I'll take a look and work with you. I can even get on IRC (freenode.net) if you want.
It's hard for me to see what's happening behind the scenes. The mysql_real_escape_string() is a must, and BLOB supports 2^16 (65535 char), so I think we're moving in the right direction.