So I know that you should use mysql_real_escape_string or addslashes to help prevent against SQL injection, but is it necessary to use it on variables that are submitted from a dropdown menu? Is there any way for someone to bypass that dropdown menu and submit a value other than the limited selection? Thanks.
Edit: nevermind, I realized that I should check those fields as well.
