Does $_SESSION['username'] need to be escaped before getting into an SQL query?

Question

I am wondering if anything from the $_SESSION array needs to be escaped before I use it in a SQL query.

Note that I don\'t use cookies in my application, since I\'ve hea

Answer 1

You need to escape every string you pass to the sql query, ragardless of its origin.

Even if it is the data you retrieved from your database.