Then still I am conserned about the vulnerability of this code against SQL injection in case magic_quotes is turned off, but AFAIK some other code in the master module also relies on that setting. I would like to ask the system guys first if we still should rely on it?
Relying on magic_quotes is not the biggest problem. E.g. this line makes me scared:
DELETE FROM note WHERE id=$id
Well, how should I interpret this? How can we move forward?
Goba