Resolved: should I turn off magic_quotes_gpc?
james438
03-12-2010, 05:31 AM
Since magic_quotes_gpc (http://us3.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc) is deprecated should I turn it off? I didn't even know that it was on and when I read my php.ini file it was not even listed, so I figured I was not using it. When I checked my phpinfo I saw that it was on by default.
short answer: yes.
long answer: start reading. (http://php.net/manual/en/security.database.sql-injection.php)
james438
03-12-2010, 07:27 AM
Good to know. magic_quotes_gpc has been turned off and I added the following code to my submit pages:
// Escape every POST field in place (mysql_real_escape_string() needs an open MySQL link)
foreach ($_POST as &$value) {
    $value = mysql_real_escape_string($value);
}
unset($value); // drop the reference left behind by foreach
I am not too terribly worried as I already had cookie, session, and htaccess security measures in place.
your values only really need to be escaped when you're sending it to your database or plan on using them as executable code (like text files / html, which could include javascript, etc.).
If you blindly escape everything, you're basically turning magic quotes back on. That's actually one of the problems with magic quotes: everything was escaped no matter what, so you end up with extra \s everywhere.
On top of it, say you got some input from the user:
hello guy's!
yes, the guy needs to learn how to use apostrophes, but it's good for my example.
magic quotes sanitizes it:
hello guy\'s!
but you've got server-side validation before you submit it to your database. So, say you make sure there's no html <tags>, then you submit it to your database. But wait, magic quotes again:
hello guy\\'s!
well, kinda defeats the point, huh?
It's better to sanitize things once, intentionally, right when you need to.
djr33
03-13-2010, 06:29 AM
It's the simple answer to a complex problem and thus the source of more problems than solutions.
Turn it off and everything will be easier.
james438
03-13-2010, 07:53 AM
yep, I also see that my earlier "quick fix"
// Escape every POST field in place (mysql_real_escape_string() needs an open MySQL link)
foreach ($_POST as &$value) {
    $value = mysql_real_escape_string($value);
}
unset($value); // drop the reference left behind by foreach
is somewhat problematic, so I am escaping my variables one at a time just before inserting them into my database as opposed to at the beginning of my submit page. I also need to update my PCRE. This means I have a couple hours of file editing as opposed to the few minutes my quick fix took earlier.
I'd say the biggest reason I turned it off was because it is deprecated and I never know when my web host will update PHP to the latest version.
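The following is an added example, not code posted in this thread. It reproduces the double-escaping problem described in the "hello guy's!" reply above (magic quotes, or a blanket foreach over $_POST, stacked on top of escaping again when the query is built) and the escape-once-at-the-point-of-use approach james438 settled on. All function names (escapeForMysql, simulateMagicQuotes, normalizeInput, escapeEverything, insertBodySql, mysqlStoredValue) are hypothetical helpers written for this example. Because mysql_real_escape_string() needs an open MySQL link, escapeForMysql() stands in for it using addslashes(); on the characters in this sample the two produce the same output, and real code would call mysqli_real_escape_string($link, $value) at the same point.

```php
<?php
// Added example (not code from the thread). Reproduces the double-escaping
// problem and shows escaping exactly once, right where the value is used.
//
// Assumption: mysql_real_escape_string() needs a live MySQL link, so the
// hypothetical escapeForMysql() stands in for it with addslashes(). For the
// characters in this sample both give the same result; real code should call
// mysqli_real_escape_string($link, $value) at the same point.

// Stand-in for the driver's escaping function (assumption, see above).
function escapeForMysql(string $value): string
{
    return addslashes($value);
}

// What magic_quotes_gpc did to every $_GET/$_POST/$_COOKIE value before the
// script ran: it is exactly addslashes().
function simulateMagicQuotes(array $input): array
{
    return array_map('addslashes', $input);
}

// Undo magic quotes once, at the start of the request, so the rest of the
// script always sees raw input whether or not the host has the ini flag on.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists guard;
// $magicQuotesOn can be forced for testing, as the driver code below does.
function normalizeInput(array $input, ?bool $magicQuotesOn = null): array
{
    if ($magicQuotesOn === null) {
        $magicQuotesOn = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    return $magicQuotesOn ? array_map('stripslashes', $input) : $input;
}

// The thread's "quick fix": escape every field on arrival ...
function escapeEverything(array $post): array
{
    foreach ($post as &$value) {
        $value = escapeForMysql($value);
    }
    unset($value);
    return $post;
}

const SQL_PREFIX = "INSERT INTO comments (body) VALUES ('";

// ... and then escape again where the SQL is actually assembled. Each extra
// pass escapes the backslashes added by the previous one, so layers stack up.
function insertBodySql(array $post): string
{
    return SQL_PREFIX . escapeForMysql($post['body']) . "')";
}

// What MySQL stores for the single-quoted literal in that statement: one
// level of backslash escaping is removed (sufficient for the characters here).
function mysqlStoredValue(string $sql): string
{
    return stripslashes(substr($sql, strlen(SQL_PREFIX), -2));
}

// Constructed sample input: the thread's own example.
$raw = ['body' => "hello guy's!"];

// 1. Host has magic_quotes_gpc on: the script already sees escaped data.
$fromMagicQuotes = simulateMagicQuotes($raw);
echo $fromMagicQuotes['body'], "\n";            // hello guy\'s!

// 2. Blanket foreach on top of that, then escaping at the query: three layers.
$sql = insertBodySql(escapeEverything($fromMagicQuotes));
echo $sql, "\n";                                // ... VALUES ('hello guy\\\\\\\'s!')
echo mysqlStoredValue($sql), "\n";              // hello guy\\\'s!   (corrupted)

// 3. Normalize once at the top, escape once at the query: stored as typed.
$sql = insertBodySql(normalizeInput($fromMagicQuotes, true));
echo $sql, "\n";                                // ... VALUES ('hello guy\'s!')
echo mysqlStoredValue($sql), "\n";              // hello guy's!
```

Run it with `php example.php`; step 2 is what a blanket escape-on-arrival loop produces on a host that still has magic_quotes_gpc on, and step 3 is the pattern the thread arrives at. Per-value escaping still only protects quoted string contexts (an unquoted numeric value in a query is not helped by it), which is why the PHP manual page linked in the first reply steers towards prepared statements.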
It's deprecated, but AFAIK it's still "available," so don't worry about that too much. (You should still turn it off and do things right.)