8.1.4: Who says "PHP deprecated addslashes since 4.0"?
| From | ljb |
|---|---|
| Subject | 8.1.4: Who says "PHP deprecated addslashes since 4.0"? |
| Date | |
| Msg-id | e52ugo$1hnk$1@news.hub.org |
| Replies | Re: 8.1.4: Who says "PHP deprecated addslashes since 4.0"? |
| List | pgsql-general |

The PostgreSQL-8.1.4 release documentation says we should be using PostgreSQL-supplied string escaping routines, not "homebrew" methods. No argument from me on this. But in the "User Guide to the 8.1.4 Security Update", it says:

| An example of an application at risk is a PHP program that uses
| addslashes() or magic_quotes. We note that these tools have been deprecated
| by the PHP group since version 4.0.

Can anyone provide a source for the statement? It's odd, since PHP-4.0 was released on 2000-05-22, shortly after PostgreSQL-7.0, and the PQescapeString() function wasn't even added to libpq until PostgreSQL-7.2 almost 2 years later. The current PHP reference manual doesn't discourage use of addslashes() for database input.

I agree with you - this is wrong - but where did the "We note... deprecated by the PHP group since version 4.0" line come from?