• Hi all,
    just a short question: is $wpdb->insert secure against evil inputs? Or do you need to escape all the bad stuff before (like SQL-injections and other nasty things)?

    Thanks in advance

Viewing 1 replies (of 1 total)
  • Wow, no response to this? It’s pretty important and I just learned it today doing testing, so I’ll answer.

    wpdb bypasses the API and so it needs to have the full treatment by the coder. The coding standards here – https://codex.wordpress.org/WordPress_Coding_Standards – give you some information, plus a prep function for it. Also, the wpdb function reference gives you some more info.

    Hope this helps!

    Dains
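
How the two wpdb calls raised in this thread take untrusted input, as an added example that is not part of the original posts or of WordPress itself: per the wpdb function reference, `$wpdb->insert()` expects raw (not pre-escaped) values plus an optional format array, and hand-written SQL goes through `$wpdb->prepare()`. It assumes it runs inside WordPress; the table `demo_notes` and both function names are hypothetical.

```php
<?php
// Added example; assumes WordPress is loaded (e.g. inside a plugin), so the
// global $wpdb object and helper functions exist. The table "demo_notes" and
// the demo_* function names are hypothetical.

/**
 * Insert a row from untrusted input. Values are passed raw: wpdb::insert()
 * runs them through wpdb::prepare() using the formats in the third argument,
 * so escaping them beforehand would store the escape characters too.
 */
function demo_add_note( $user_id, $title ) {
    global $wpdb;

    // Validation for the application's sake; this is not SQL escaping.
    $user_id = absint( $user_id );
    $title   = sanitize_text_field( $title );
    if ( 0 === $user_id || '' === $title ) {
        return false;
    }

    $ok = $wpdb->insert(
        $wpdb->prefix . 'demo_notes',                       // table name comes from code, never from input
        array( 'user_id' => $user_id, 'title' => $title ),  // column => raw value
        array( '%d', '%s' )                                 // one format per value, in the same order
    );

    // insert() returns false on failure, otherwise the number of rows inserted.
    return false === $ok ? false : (int) $wpdb->insert_id;
}

/**
 * Hand-written SQL: every variable goes in through a prepare() placeholder.
 * esc_like() only neutralises LIKE wildcards; prepare() still does the quoting.
 */
function demo_find_notes( $title_fragment ) {
    global $wpdb;

    $like = '%' . $wpdb->esc_like( $title_fragment ) . '%';

    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, user_id, title FROM {$wpdb->prefix}demo_notes WHERE title LIKE %s",
            $like
        )
    );
}

// Constructed sample input: the apostrophe is stored as literal text.
// demo_add_note( 7, "O'Brien's note" );
```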
