I don't know much about PHP but I happened to rewrite some old forms a couple of years ago. The original author had relied on a technique called "magic quotes" (http://php.net/manual/en/security.magicquotes.php) which automatically sanitized user input. When we upgraded our version of PHP "magic quotes" had been deprecated and dropped.

It would be interesting to know if some of these developers are relying on "magic quotes" or something similar... and also to know how large share of the total number of projects these projects represent.