Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Is this the recommend way for sha256ing something? It's the only way I can find to do it, yet this page doesn't seem very busy - I am thinking there would be more user comments if the function is recommended...
I generally escape everything unless I know it's an integer. That way I don't have to worry about whether or not it contains anything that needs to be escaped and it makes the code more robust and secure. Having multiple layers of defense is not a bad thing.
As I said, these are 2 different things. It has nothing to do with multiple layers of defense... but yes, escaping even the hash - although isn't really needed would be a good idea since you have to expect the unexpected. It won't harm, that's for sure
If you want to make sure hashing works, check out the sha256 link in my signature. It will use the built-in function(s) if they are available. Otherwise it will perform the hash itself, provided you have bcmath loaded.