Quote:
Originally Posted by dacoder96
Ok thanks heaps guelphdad
I am going to go with the dodgy way (not sanitizing and just using magic_quotes) because I monitor logs a lot and all my users are close friends so I don't really mind
magic_quotes is a deprecated feature. I'm expecting it to be gone in the next major release of PHP, which means your dodgy practice now becomes a complete vulnerability.
I wouldn't be surprised if it's sooner; the next minor release of 5.4 will include the removal of register_globals, register_long_arrays, and allow_call_time_pass_reference, which will of course remove some old functions (particularly the old session ones). If they are axing the register_globals, I won't be surprised if the magic_quotes_gpc and magic_quotes_runtime are also nuked in that release.
Monitoring your logs is a reactive approach. If you take a proactive one you won't need to be constantly monitoring the logs as much as just checking in.