Does $_SESSION['username'] need to be escaped before getting into an SQL query?

后端 未结 5 1299
猫巷女王i
猫巷女王i 2021-01-25 01:47

I am wondering if anything from the $_SESSION array needs to be escaped before I use it in a SQL query.

Note that I don\'t use cookies in my application, since I\'ve hea

5条回答
  •  醉梦人生
    2021-01-25 02:04

    A $_SESSION variable is the same as a $_GET variable if used incorrectly, so the answer to your question is yes, if your storing RAW user inputs in a session (which you shouldn't be doing) then you would need to escape it.

提交回复
热议问题