Do I need to escape variables if they are used only for running through isset()?
Unless you're going to later insert that value into a database, there's nothing they can do. isset("test');DROP TABLE users;--");
would return "true", but do absolutely nothing.
If you are planning on using it later however, use addslashes()
or mysql_real_escape_string
.
But no, isset cannot do anything bad.