By using $_POST['selected_customer'] directly, you are setting yourself up for a SQL injection (Google it for more information).
By using mysql_real_escape_string() you are preventing a SQL injection from happening.
As for whether you need to use it with your $_SESSION variable: maybe, it depends on how you stored the $_POST data in the session.
If you did (I recommend this method):
    $_SESSION['selected_customer'] = $_POST['selected_customer'];
Then you definitely need to use mysql_real_escape_string().
If you did (I actually do not recommend this method, as you really should store the posted data as is, so displaying it back to the user won't be affected):
    $_SESSION['selected_customer'] = mysql_real_escape_string($_POST['selected_customer']);
Then you do not necessarily need to use mysql_real_escape_string() again.
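
The trade-off described above, as an added example that is not part of the original answer: the value is kept raw in the session and made safe at each point of use, and the pre-escaped variant is shown next to it. It assumes PHP 7+ with pdo_sqlite, binds a parameter instead of calling mysql_real_escape_string() (removed in PHP 7), and uses addslashes() only as a stand-in for escaping before storage; the table, rows, input value and the findCustomers() helper are constructed for illustration.

```php
<?php
// Added example, not code from the original answer.
// Assumption: PHP 7+ with the pdo_sqlite extension, run from the CLI.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
// Constructed sample rows; '' is how SQL writes a literal quote.
$db->exec("INSERT INTO customers (name) VALUES ('O''Brien'), ('Smith')");

// Constructed value standing in for $_POST['selected_customer'].
// The apostrophe is the character that breaks a concatenated query.
$posted = "O'Brien";

// Simulated session array (a CLI script has no real session).
$session = [];

// Hypothetical helper: the value is bound where it is used,
// so it never becomes part of the SQL text.
function findCustomers(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM customers WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Recommended: store the posted data as is.
$session['selected_customer'] = $posted;

// Query context: the raw value is handled by parameter binding.
$rawMatches = findCustomers($db, $session['selected_customer']);

// HTML context: the raw value is encoded for HTML when displayed.
$rawHtml = htmlspecialchars($session['selected_customer'], ENT_QUOTES, 'UTF-8');

// Not recommended: escape before storing (addslashes() is a stand-in here).
$session['escaped_customer'] = addslashes($posted);

// The added backslash is now part of the data: it shows up in the page
// and changes what a later lookup compares against.
$escapedHtml    = htmlspecialchars($session['escaped_customer'], ENT_QUOTES, 'UTF-8');
$escapedMatches = findCustomers($db, $session['escaped_customer']);

printf("raw display:     %s\n", $rawHtml);
printf("raw matches:     %d\n", count($rawMatches));
printf("escaped display: %s\n", $escapedHtml);
printf("escaped matches: %d\n", count($escapedMatches));
```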