Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Please look at the codes below:
$username = $_POST['username'];
$_SESSION['user_name'] = $username;
Do I have to use mysql_real_escape_string() function while I’m setting $username value too? Is there any threat here if I don’t?
Attention: I used PDO while I want to work with MySQL.
No, you do not need to escape it in any way there. You only need to escape text if you are concatenating it with other text where certain characters may have a special meaning. See The Great Escapism (Or: What You Need To Know To Work With Text Within Text).