My question is simple. I have this session user:
$user = $_SESSION['user'];
and I want to do a select with it:
select * from online where user='$user' order by id desc LIMIT 1
Do I need to prepare a $_SESSION variable as I do with POST and GET? If I do not, is there a chance of SQL injection?
select * from online where user=? order by id desc LIMIT 1
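
The two query forms from the question, run side by side, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite database, a constructed `online` table, and a plain array standing in for `$_SESSION`. The session is stored server-side, but its content is whatever the application put there, which may be text a user originally supplied.

```php
<?php
// Added example. Constructed data: an in-memory SQLite table named `online`
// with the two columns the question's query uses (id, user).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE online (id INTEGER PRIMARY KEY, user TEXT)');
$pdo->exec("INSERT INTO online (user) VALUES ('alice'), ('bob')");

// Stand-in for $_SESSION so the script runs from the CLI (assumption).
// The value is whatever was stored at login or registration, so it can be
// a string that a user typed into a form earlier.
$session = ['user' => "nobody' OR '1'='1"];   // constructed value
$user = $session['user'];

// Form 1 from the question: the value is pasted into the SQL text, so the
// quote inside it ends the string literal and the rest is parsed as SQL.
$sql = "select * from online where user='$user' order by id desc LIMIT 1";
echo "SQL sent:     $sql\n";
$row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
echo "interpolated: ", json_encode($row), "\n";   // a row for another user

// Form 2 from the question: the statement is parsed with a placeholder and
// the value is bound afterwards, so it is only ever compared as data.
$stmt = $pdo->prepare('select * from online where user=? order by id desc LIMIT 1');
$stmt->execute([$user]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo "prepared:     ", json_encode($row), "\n";   // no row matches that name
```

The origin of the variable (`$_POST`, `$_GET`, `$_SESSION`, or a value read back from the database) does not change how the query is parsed; only binding it through a placeholder does.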