Got this fixed. Turns out there was a cleanup function looking for sql injection wholes that stripped 'drop' 'alter' etc sql keywords.