The Support Forums will be in read-only mode for a scheduled maintenance window on 01 September 2016 14:00 UTC - 20:00 UTC. More information.

Small question about security of $wpdb->insert (2 posts)

  1. Ameisenman
    Posted 5 years ago #

    Hi all,
    just a short question: is $wpdb->insert secure against evil inputs? Or do you need to escape all the bad stuff before (like SQL-injections and other nasty things)?

    Thanx in advance

  2. dains
    Posted 4 years ago #

    Wow, no response to this? It's pretty important and I just learned it today doing testing, so I'll answer.

    wbdb bypasses the API and so it needs to have the full treatment by the coder. The coding standards here - https://codex.wordpress.org/WordPress_Coding_Standards - give you some information, plus a prep function for it. Also, the wpdb function reference gives you some more info.

    Hope this helps!


Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.