I just want to recommend that you use a function like this instead of using addslashes(). Addslashes is a security blanket full of holes.
Code:
function validateit($value) {
$value = str_replace('javascript:', '_', $value);
$value = str_replace('document.location', '_', $value);
$value = str_replace('vbscript:', '_', $value);
$value = str_replace('<marquee', '_', $value);
$value = str_replace('<script', '_', $value);
$value = str_replace('?php', '_', $value);
$value = mysql_real_escape_string(strip_tags(htmlentities(trim($value))));
return $value;
}
This will help against sql injections, cross site scripting, and all that jazz.