WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] When do i need to use mysql_real_escape_string with wordpress? (5 posts)

  1. Scott Fennell
    Member
    Posted 2 years ago #

    When do I need to use mysql_real_escape_string with wordpress?

    Do some functions expect unescaped data? Do some not?

  2. stvwlf
    Member
    Posted 2 years ago #

  3. Scott Fennell
    Member
    Posted 2 years ago #

    Okay, thanks for that. I should have phrased my question better though. These are the specific functions I'm wondering about:

    add_post_meta()

    update_post_meta()

    add_user_meta()

    update_user_meta()

    wp_update_post()

    When you look at wp_insert_post() in the codex, it explicitly says this function automatically escapes data for you. It doesn't say that about any of these other functions I listed above. So, they don't? Or what?

    If they don't, then I should be using $wpdb(escape->$text), correct?

    I know this is really basic, but I want to make sure I have no confusion here.

  4. stvwlf
    Member
    Posted 2 years ago #

    All of the meta functions escape the data.

    for wp_update_post
    http://hitchhackerguide.com/2011/02/12/wp_update_post/
    concerning parameter passed to function:

    array|object $postarr: Post data. Arrays are expected to be escaped, objects are not.

  5. Scott Fennell
    Member
    Posted 2 years ago #

    Okay, thanks.

    I think it would be good if the codex were more explicit about this.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.