I am using a form to find all custom field values of a particular key. This form is submitted and I use $_GET to pass the value in query_posts.
Are there any security concerns with doing this? In this case it's a dropdown select value that is getting found, but if I'm using a text input, should I use strip_tags or something like that to sanitize the input?
Here is an example...
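
    // Read the submitted property type from the query string, defaulting to an empty string.
    if ( ! empty( $_GET["property_type"] ) ) {
        $ty = $_GET["property_type"];
    } else {
        $ty = "";
    }

    // Query all posts whose 'property_type' custom field matches the submitted value.
    query_posts( array(
        'posts_per_page' => -1,
        'meta_query'     => array(
            array(
                'key'     => 'property_type',
                'value'   => $ty,
                'compare' => 'LIKE'
            ),
        ),
    ));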
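
One way to validate the value before it reaches the query, as an added example that is not part of the original post. It assumes it runs inside a WordPress theme template; the `example_` function names and the allowlist values are hypothetical. WordPress passes `meta_query` values through `$wpdb->prepare()`, so the checks here limit what input is accepted and keep it safe to echo back, rather than doing SQL escaping.

```php
<?php
// Added example. Function names prefixed example_ are hypothetical helpers.

/**
 * Dropdown case: accept the submitted value only if it is one of the
 * options the form actually offers. Anything else becomes ''.
 */
function example_get_property_type( array $request, array $allowed ) {
    if ( ! isset( $request['property_type'] ) || ! is_string( $request['property_type'] ) ) {
        return ''; // missing, or an array such as ?property_type[]=x
    }
    // WordPress adds slashes to $_GET values; remove them before comparing.
    $raw = wp_unslash( $request['property_type'] );
    return in_array( $raw, $allowed, true ) ? $raw : '';
}

/**
 * Free-text case: there is no fixed list to check against, so strip tags,
 * control characters and extra whitespace, then cap the length.
 */
function example_get_search_text( array $request, $key, $max_len = 100 ) {
    if ( ! isset( $request[ $key ] ) || ! is_string( $request[ $key ] ) ) {
        return '';
    }
    $text = sanitize_text_field( wp_unslash( $request[ $key ] ) );
    return mb_substr( $text, 0, $max_len );
}

$allowed = array( 'house', 'apartment', 'land' ); // constructed sample options
$ty      = example_get_property_type( $_GET, $allowed );

$args = array( 'posts_per_page' => -1 );
if ( '' !== $ty ) {
    // Only add the meta_query when a valid value was submitted.
    $args['meta_query'] = array(
        array(
            'key'     => 'property_type',
            'value'   => $ty,
            'compare' => 'LIKE',
        ),
    );
}
query_posts( $args );

// If the value is shown back to the visitor, escape it at output time.
echo '<p>Showing: ' . esc_html( $ty ) . '</p>';
```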