It's nice to have enabled on a server with a lot of other people, ones who may not be as security-conscious as others. It's a
decent deterrent to SQL injection attacks. (I'm stressing the decent there, it's by no means sufficient to fully protect against it.)
We're working on a way to enable/disable PHP directives on a per user basis, which hopefully we'll be able to do soon. So for right now, it's going to stay on.
For now, you can use something such as this to check for/reverse the affect of magic_quotes_gpc:
PHP:
if(get_magic_quotes_gpc()) {
if(ini_get('magic_quotes_sybase')) {
$example = str_replace("''", "'", $_POST['example']);
} else {
$example = stripslashes($_POST['example']);
}
} else {
$example = $_POST['example'];
}
You could probably use array_walk or something and have it go through $_REQUEST/POST/GET automatically on every page load also.