• Using the non-escaped query works fine:
    $query = "SELECT * FROM wp_network_members WHERE ". implode(' AND ', $searchSql);

    But when I use the data validation outlined on the WP data validation page (http://codex.wordpress.org/Data_Validation#Database) as in the code below, I get no results:

    $wpdb->escape("SELECT * FROM wp_network_members WHERE ". implode(' AND ', $searchSql));

    FYI – here is an example of a query I ran that returned no results:

    SELECT * FROM wp_network_members WHERE 1=1 AND `l_name` LIKE \'%b%\' AND `status`= \'published\'

    What can I do to get the outcome I want without compromising on security?

Viewing 1 replies (of 1 total)
  • Thread Starter jlknauff

    (@jlknauff)

    I think I found a solution. I instead escaped the elements that make up the search criteria, and then passed the sanitized data to the query.

    Any holes in this approach?
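    As an added illustration of the approach in this reply (not code from the thread): build the WHERE clause from per-criterion placeholders and let $wpdb->prepare() quote each value, instead of running the finished SQL string through $wpdb->escape(), which is what produced the literal \' in the failing query. It assumes a WordPress context where $wpdb is in scope and a version providing $wpdb->esc_like() (WordPress 4.0 or later); the table and column names are the ones from the thread, the function name is made up.

```php
<?php
// Added example, not from the thread. Builds a parameterised query for
// wp_network_members from an array of search criteria.
// Assumes a WordPress global $wpdb with prepare() and esc_like().

function build_members_query( $wpdb, array $criteria ) {
    $where  = array( '1=1' );
    $values = array();

    foreach ( $criteria as $column => $spec ) {
        // Column names cannot be placeholders, so allow only a safe
        // identifier shape (lower-case letters and underscores).
        if ( ! preg_match( '/^[a-z_]+$/', $column ) ) {
            continue;
        }
        if ( 'like' === $spec['op'] ) {
            // esc_like() escapes % and _ inside the user's input so they
            // match literally; the surrounding wildcards are added here.
            $where[]  = "`$column` LIKE %s";
            $values[] = '%' . $wpdb->esc_like( $spec['value'] ) . '%';
        } else {
            $where[]  = "`$column` = %s";
            $values[] = $spec['value'];
        }
    }

    $sql = 'SELECT * FROM wp_network_members WHERE ' . implode( ' AND ', $where );

    if ( empty( $values ) ) {
        return $sql; // nothing to substitute; prepare() expects placeholders
    }
    // prepare() quotes and escapes every %s value in one place; the
    // placeholders themselves are written without quotes.
    return $wpdb->prepare( $sql, $values );
}

// Constructed criteria matching the search from the original post.
$criteria = array(
    'l_name' => array( 'op' => 'like', 'value' => 'b' ),
    'status' => array( 'op' => 'eq',   'value' => 'published' ),
);

$sql  = build_members_query( $wpdb, $criteria );
$rows = $wpdb->get_results( $sql );
```

    Passing the array of values as the second argument to prepare() is supported by $wpdb; the resulting SQL contains properly quoted values such as '%b%' rather than the escaped quotes seen in the failing query.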

  • The topic ‘data validation touble’ is closed to new replies.