Hi all,
just a short question: is $wpdb->insert secure against evil inputs? Or do you need to escape all the bad stuff before (like SQL-injections and other nasty things)?
Thanks in advance
Wow, no response to this? It's pretty important and I just learned it today doing testing, so I'll answer.
wpdb bypasses the API and so it needs to have the full treatment by the coder. The coding standards here - https://codex.wordpress.org/WordPress_Coding_Standards - give you some information, plus a prep function for it. Also, the wpdb function reference gives you some more info.
Hope this helps!
Dains
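
An added example, not part of the posts above and not WordPress core code: user input passed to the database through `$wpdb->insert` with explicit formats, and through `$wpdb->prepare` (the prep function the reply mentions) for a hand-written query. It assumes the code runs inside WordPress, for instance in a plugin; the `guestbook` table, its columns and the function names are hypothetical.

```php
<?php
// Assumption: loaded by WordPress, so the global $wpdb object exists.
// Hypothetical table: {$wpdb->prefix}guestbook (id, author, message, rating).

function guestbook_save( $author, $message, $rating ) {
    global $wpdb;

    // Validate and normalise the input before it reaches the database layer.
    $author  = sanitize_text_field( wp_unslash( $author ) );
    $message = sanitize_textarea_field( wp_unslash( $message ) );
    $rating  = (int) $rating;
    if ( '' === $author || $rating < 1 || $rating > 5 ) {
        return false;
    }

    // Values are passed as plain data; the third argument tells wpdb how to
    // bind each one (%s = string, %d = integer), in the same order as $data.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'guestbook',
        array(
            'author'  => $author,
            'message' => $message,
            'rating'  => $rating,
        ),
        array( '%s', '%s', '%d' )
    );

    return false === $ok ? false : $wpdb->insert_id;
}

function guestbook_by_author( $author ) {
    global $wpdb;
    $table = $wpdb->prefix . 'guestbook';

    // Injectable form, shown only for contrast (input concatenated into SQL):
    //   $wpdb->get_results( "SELECT * FROM $table WHERE author = '$author'" );

    // Placeholder form: prepare() escapes and quotes each bound value.
    $sql = $wpdb->prepare(
        "SELECT id, author, message, rating FROM {$table} WHERE author = %s ORDER BY id DESC LIMIT %d",
        $author,
        20
    );

    return $wpdb->get_results( $sql );
}
```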