I am wondering if anything from the $_SESSION array needs to be escaped before I use it in a SQL query.
Note that I don\'t use cookies in my application, since I\'ve hea
A $_SESSION variable is the same as a $_GET variable if used incorrectly, so the answer to your question is yes, if your storing RAW user inputs in a session (which you shouldn't be doing) then you would need to escape it.
$_SESSION
$_GET