Does $_SESSION['username'] need to be escaped before getting into an SQL query?

Question

I am wondering if anything from the $_SESSION array needs to be escaped before I use it in a SQL query.

Note that I don\'t use cookies in my application, since I\'ve hea

Answer 1

A $_SESSION variable is the same as a $_GET variable if used incorrectly, so the answer to your question is yes, if your storing RAW user inputs in a session (which you shouldn't be doing) then you would need to escape it.