Chris Shiflett has a quick new post mentioning his article in the latest php|architect - the Security Corner column, dealing with "why magic quotes can be a security risk".
The new issue of php|architect just came out, and this month's Security Corner topic is magic quotes. In this article, I explain why the magic quotes directive should always be disabled. Because I often see people cite security as a reason to enable magic quotes, I felt that it was important to correct this misconception.
Personally, I would like to see magic quotes deprecated and eventually dropped from future releases of PHP.
Among the big reasons he gives in his new piece for disabling it is that it should be up to the programmer to filter the input accordingly. Trusting something that seems as redundant as magic_quotes (at least in my experience) seems a little lazy to me - with just a minimal amount of effort, any input sent to a script can be cleaned and passed along to whatever script your heart desires.




