This is bad in principle. That snippet of code makes the big and dangerous assumption that GET and POST variables are only ever to be used in SQL queries built using string concatenation.
There are two problems with this assumption:
— You shouldn't be building queries using concatenation. Use parameters (unless you're stuck with a stone-age environment).
— It's wrong.
Also, the $HTTP* variables are deprecated. Use $_POST and $_GET instead.
The case where you might want something like your snippet is the converse: Where your code might be run on a system with "magic quotes" enabled. In this case you should be removing character escape sequences wrongly added by the magic quotes "feature":
PHP Code:
if (@get_magic_quotes_gpc())
{
array_walk_recursive($_GET, "stripslashes");
array_walk_recursive($_POST, "stripslashes");
array_walk_recursive($_COOKIE, "stripslashes");
}