Magic Quotes

         

Sarah Atkinson

2:44 pm on Jun 22, 2005 (gmt 0)


I'm just wondering what kind of benefits Magic Quotes provide and if they should be turned on or not.

And what about the gpc, runtime, and sybase?
Sarah

mincklerstraat

3:00 pm on Jun 22, 2005 (gmt 0)


It's really best to code for "both" - magic quotes offer some extra security for programmers who aren't so security-conscious, but they add a bit of a headache. Most seasoned PHP programmers consider them a bit of a pain in an unlit area. So what's best is to check if magic quotes gpc are on, and if they are, to strip slashes from all your user input. Then, when you make queries to your database, or do anything involving output, filter all variables which come from input accordingly. All user-input variables used in variables should be escaped with mysql_real_escape_string().

You only basically have to worry about magic_quotes_gpc, since the other options aren't used very much - you only have to worry about those options which might get turned on accidentally or without your being notified, and magic_quotes_gpc is the only real candidate here. There's a function to check if it's on - get_magic_quotes_gpc() or something that sounds similar. Google this forum for "magic quotes" and you'll find a number of threads on it.

anshul

11:35 am on Jun 27, 2005 (gmt 0)


I always use these lines in 'config.inc.php'

ini_set('register_globals', 0);
ini_set('magic_quotes_gpc', 0);
ini_set('magic_quotes_runtime', 0);

and most times, ini_set('display_errors', 0); also.
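
The "code for both" approach described in this thread, as an added example that is not code from any of the posters: check for magic_quotes_gpc at runtime, strip the added slashes once, then handle escaping at the query boundary. magic_quotes_gpc is a per-directory setting that is applied before the script starts, so the example checks for it rather than relying on switching it off from inside the script. Assumptions: the function names are hypothetical, the sample input is constructed, the pdo_sqlite extension is available, and a bound parameter stands in for mysql_real_escape_string() so the block runs without a MySQL server.

```php
<?php
// Added example (not from the thread). Function names are hypothetical.

/** Recursively strip slashes from a string or a nested array of strings. */
function strip_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('strip_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/** True only if the runtime still has magic quotes and they are enabled.
 *  The feature was removed in PHP 5.4 and the function itself in PHP 8.0. */
function magic_quotes_active()
{
    return function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
}

/** Return the raw user input whether or not the server added slashes. */
function normalize_input(array $input, $quotesActive)
{
    return $quotesActive ? strip_magic_quotes($input) : $input;
}

// Constructed sample: $_POST as it arrives when magic_quotes_gpc has run.
$quotedPost = array(
    'name' => "O\\'Reilly",
    'tags' => array("say \\\"hi\\\""),
);

// In a real script, do this once at the top of the request:
//   $_POST = normalize_input($_POST, magic_quotes_active());
$clean = normalize_input($quotedPost, true);

// Query boundary: the value is passed as a bound parameter, never
// concatenated into the SQL text (assumes pdo_sqlite is installed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT)');
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');

// Store both forms to compare: un-normalized input carries its added
// backslash into the database, the normalized value is stored as typed.
foreach (array($quotedPost['name'], $clean['name']) as $name) {
    $insert->execute(array(':name' => $name));
}
foreach ($db->query('SELECT name FROM users') as $row) {
    echo $row['name'], PHP_EOL;
}
```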