Just a note that the POST variable may contain array(s). so it may be a good idea to use stripslashes_deep().

Using mqgpc isn't bad practice: it's utilizing a legitimate part of the programming environment. A better snippet to add atop all your code would be one which checks for mqgpc, and if it's not set, adds slashes to G/P/C prior to use.

What you should really be doing, of course, is turning mqgpc on in php.ini -- and most hosts, for obvious security reasons, have it on already and refuse to allow .htaccss DISABLING of it.

Of course, you can also activate it via .htaccess, which is less than ideal (since using .htaccess if you don't have to results in quite a few extra stat()s by Apache for every request . . .

In the PHP engine (among a bunch of compiled instructions which really don't give a hoot whether there's a quotemark or not) is a much safer place to validate input. Of course, it only protects you from SQL and PHP injection, and you may need to unquote on occasion, but you as the programmer should know this and code accordingly. To turn off mqgpc because it encourages laxity is akin to refusing to wear sunscreen because it encourages staying too long in the sun.

I've got good news, and I've got bad news:
The universe is merely a figment of my imagination.
Now are you ready for the bad news?