I noticed that a lot of people are relying soley on addslashes() with validating user posted data in php. I recommend using something like this instead, this will help prevent sql injections more thoroughly and cross site scripting.
Code:
function validateit($value) {
$value = str_replace('javascript:', '_', $value);
$value = str_replace('document.location', '_', $value);
$value = str_replace('vbscript:', '_', $value);
$value = str_replace('<marquee', '_', $value);
$value = str_replace('<script', '_', $value);
$value = str_replace('?php', '_', $value);
$value = mysql_real_escape_string(strip_tags(htmlentities(trim($value))));
return $value;
}