I'd also shut down the magic_quotes_gpc.
The idea behind these directives was to help secure against sql injection attacks. But the actual methods used by the dbms' are not aware of these directives, so escaping them would result in double escaping. They carry little other value.
header('HTTP/1.1 420 Enhance Your Calm');