Does $_SESSION['username'] need to be escaped before getting into an SQL query?

Question

I am wondering if anything from the $_SESSION array needs to be escaped before I use it in a SQL query.

Note that I don\'t use cookies in my application, since I\'ve hea

Answer 1

Session variables are just like any other variables. The data in there have to come from somewhere. if you directly store a posted variables there, then it is basically like using the posted variable.

The only diff is that a session variable persist across different access, and that is about it.