WordPress.org

Ready to get started?Download WordPress

Forums

Escaping discrepancies with get_option() and update_option() (2 posts)

  1. benlancaster
    Member
    Posted 5 years ago #

    Hi,

    So, update_option() automatically does pre-database escaping, but it doesn't look as though get_option() unescapes it on the way out. I'm developing a plugin at the moment, and I'm always ending up with escaped apostrophes after get_option(). Is this expected? Strikes me as a bit odd.

    On the same subject, shouldn't $wpdb->escape() be using mysql_real_escape() instead of addslashes()?

    Here's my code:

    <?php
    function AdminMenuOptions()
    {
        global $wpdb;
    
        if(isset($_POST['hidden']))
        {
            update_option('rb_recaptcha_private', $_POST['rb_recaptcha_private']);
            update_option('rb_recaptcha_public',  $_POST['rb_recaptcha_public']);
            update_option('rb_from_address',      $_POST['rb_from_address']);
            update_option('rb_from_name',         $_POST['rb_from_name']);
            update_option('rb_welcome_email',     $_POST['rb_welcome_email']);
            update_option('rb_welcome_subject',   $_POST['rb_welcome_subject']);
            update_option('rb_post_registration', $_POST['rb_post_registration']);
    
            echo '<div class="updated fade"><strong>Options saved</strong>
    </div>';
        }
    
        $rb_recaptcha_private   = get_option("rb_recaptcha_private");
        $rb_recaptcha_public    = get_option("rb_recaptcha_public");
        $rb_from_address        = get_option('rb_from_address');
        $rb_from_name           = get_option('rb_from_name');
        $rb_welcome_email       = get_option('rb_welcome_email');
        $rb_welcome_subject     = get_option('rb_welcome_subject');
        $rb_post_registration   = get_option('rb_post_registration');
    
        require 'admin-screen.php';
    }
    ?>

    get_magic_quotes_gpc is off in my PHP config.

  2. benlancaster
    Member
    Posted 5 years ago #

    Just to update, I've (sort of) fixed this in my plugin with:

    <?php
    add_filter('option_rb_welcome_subject', 'stripslashes');
    add_filter('option_rb_welcome_email',   'stripslashes');
    add_filter('option_rb_from_name',       'stripslashes');
    ?>

Topic Closed

This topic has been closed to new replies.

About this Topic