Security Question: SQL Injections | WordPress.org

Resolved KW923
(@kw923)

10 years, 7 months ago
Hi,

I have heard about the importance of properly sanitizing or preparing SQL Queries while developing plugins. I’m just not sure if I understand how to do it. I’ve created my query which takes the page titles and flushes them from the database. The plugin is supposed to allow the user to create new page titles in a custom form by using wp_insert_post.

How do I sanitize/validate the page title input that will be sent to the database?
```
global $wpdb;
	$args['menu_order'] = $wpdb->get_var("SELECT MAX(menu_order)+1 AS menu_order FROM {$wpdb->posts} WHERE post_type='page'");
	$wpdb->flush();
```

Viewing 3 replies - 1 through 3 (of 3 total)

Moderator t-p
(@t-p)

10 years, 7 months ago

Thread Starter KW923
(@kw923)

10 years, 7 months ago

Great resource, thanks for sharing!

Moderator t-p
(@t-p)

10 years, 7 months ago

you are welcome 🙂

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Security Question: SQL Injections’ is closed to new replies.

Tags

sql injections

In: Hacks
3 replies
2 participants
Last reply from: t-p
Last activity: 10 years, 7 months ago
Status: resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics