WordPress.org

Ready to get started?Download WordPress

Forums

Small question about security of $wpdb->insert (2 posts)

  1. Ameisenman
    Member
    Posted 2 years ago #

    Hi all,
    just a short question: is $wpdb->insert secure against evil inputs? Or do you need to escape all the bad stuff before (like SQL-injections and other nasty things)?

    Thanx in advance

  2. dains
    Member
    Posted 2 years ago #

    Wow, no response to this? It's pretty important and I just learned it today doing testing, so I'll answer.

    wbdb bypasses the API and so it needs to have the full treatment by the coder. The coding standards here - https://codex.wordpress.org/WordPress_Coding_Standards - give you some information, plus a prep function for it. Also, the wpdb function reference gives you some more info.

    Hope this helps!

    Dains

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.