wp_user_query question (2 posts)

  1. Doodlebee
    Member
    Posted 2 years ago #

    Hey all - I just had a quick question. I'm using WP_User_Query for something in one of my template files, and I need to pass a variable from my url in the address bar to the query. I've got that working fine - but I'm curious: does the WP_User_Query *clean* the stuff that's passed? I don't want someone to inject anything via the address bar into a query and do something that's not intended with it.

    Basically, I'm doing this:

    $url  = $_SERVER['REQUEST_URI'];
    $what = explode('?', $url);
    $what = array_reverse($what);
    $what = $what[0]; // everything after the last "?" in the URL, used as-is
    $user_search = new WP_User_Query(array(
        'meta_key'   => 'meta',
        'meta_value' => 'yes',
        'orderby'    => 'last_name',
        'who'        => $what, // set as its own array key; appending it to the 'orderby' string does not add a key
    ));

    So can anyone tell me if I need to add any extra security measures to this to ensure that "$whatquery" isn't some nasty script/hack attempt? I just want to be sure it's *clean* when entered, or to know that the wp_user_query already takes care of that for me.

    Thanks!

  2. Doodlebee
    Member
    Posted 2 years ago #

    Actually, I found a workaround. Instead of creating a query, I redid it so it simply takes the string in the URL and does get_userdatabylogin(). So if the string isn't an actual user's login name, it goes to 404.

    Thanks anyway!
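The lookup-then-404 pattern described in the second post, as an added example that is not the poster's code. It assumes it runs at the top of a WordPress template file before any output, uses a hypothetical `member` URL parameter, and calls `get_user_by()`, which replaced `get_userdatabylogin()` when the latter was deprecated in WordPress 3.3.

```php
<?php
// Added example; assumes WordPress is loaded and no output has been sent yet.
// Hypothetical URL shape: /members/?member=some-login

function example_resolve_member_from_url() {
    // Read one named parameter instead of splitting REQUEST_URI by hand.
    // The is_string() check rejects array input such as ?member[]=x.
    if ( ! isset( $_GET['member'] ) || ! is_string( $_GET['member'] ) ) {
        return null;
    }

    // WordPress adds slashes to $_GET; remove them before validating.
    $raw = wp_unslash( $_GET['member'] );

    // Strict mode strips tags, percent-encoded octets and entities, and
    // keeps only ASCII letters, digits, space, underscore, dot, hyphen, @.
    $login = sanitize_user( $raw, true );

    // Reject input that sanitising had to alter, rather than quietly
    // looking up a different string from the one that was requested.
    if ( '' === $login || $login !== $raw ) {
        return null;
    }

    // Returns a WP_User on an exact login match, false otherwise.
    $user = get_user_by( 'login', $login );
    return $user ? $user : null;
}

$member = example_resolve_member_from_url();

if ( null === $member ) {
    // Unknown or malformed value: answer with the theme's 404 page.
    global $wp_query;
    $wp_query->set_404();
    status_header( 404 );
    nocache_headers();
    $template = get_404_template(); // empty string if the theme has no 404.php
    if ( $template ) {
        include $template;
    }
    exit;
}

// From here on, only $member (a WP_User loaded from the database) is used;
// the raw URL string never reaches a query argument or the page output.
```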
