I was wondering how good addslashes was based on the article in the link?
http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string
Also, does anyone know if this should be escaped?
$str= "<select id=\"my_dropdown1\" onchange=\"
window.location.href='Compare_Teams_dashboard.php?a=search&value=1&SearchFor1=' + this.options[this.selectedIndex].value +'&SearchOption=Contains&SearchField=TeamName';
\"><option value=\"\">".$_SESSION["srchteam1"]."</option>";
Thanks