Support » Fixing WordPress » $_GET and security

  • I’m querying the database based on a $_GET variable. What should I do with that variable before my query? Is this sufficient?

    $myVar = get_var(“SELECT table_term_taxonomy.term_taxonomy_id FROM table_term_taxonomy INNER JOIN table_terms ON (table_term_taxonomy.term_id = table_terms.term_id) WHERE 1=1 AND ( table_terms.slug = ‘$_GET[location]’ ) LIMIT 0, 1”));

    or should I do something else?

  • The topic ‘$_GET and security’ is closed to new replies.