add_post_meta/update_post_meta = automatically sanitized? | WordPress.org

brownie-ll
(@brownie-ll)

13 years, 1 month ago

I’ve put together a custom meta box which has some input fields, that writes to the postmeta table using add_post_meta/update_post_meta. From doing some quick checks it appears that any data using this function is automatically sanitized to prevent SQL injections and the like.

Is this correct or should I be doing further sanitization on my inputs?

Viewing 1 replies (of 1 total)

Alwyn Botha
(@123milliseconds)

13 years, 1 month ago

I suggest validating it

Here are some links; consider a meta box a form and these tips will be relevant

http://stackoverflow.com/questions/2390781/best-practice-creating-forms-in-wordpress

http://www.smashingmagazine.com/2009/07/07/web-form-validation-best-practices-and-tutorials/
http://blog.formstack.com/2010/10/04/ten-best-practices-for-creating-awesome-online-forms/

Viewing 1 replies (of 1 total)

The topic ‘add_post_meta/update_post_meta = automatically sanitized?’ is closed to new replies.

Tags

In: Fixing WordPress
1 reply
2 participants
Last reply from: Alwyn Botha
Last activity: 13 years, 1 month ago
Status: not a support question

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics