WordPress.org

Support

Support » Plugins and Hacks » Small question about security of $wpdb->insert

Small question about security of $wpdb->insert

  • Hi all,
    just a short question: is $wpdb->insert secure against evil inputs? Or do you need to escape all the bad stuff before (like SQL-injections and other nasty things)?

    Thanx in advance

Viewing 1 replies (of 1 total)
  • Wow, no response to this? It’s pretty important and I just learned it today doing testing, so I’ll answer.

    wbdb bypasses the API and so it needs to have the full treatment by the coder. The coding standards here – https://codex.wordpress.org/WordPress_Coding_Standards – give you some information, plus a prep function for it. Also, the wpdb function reference gives you some more info.

    Hope this helps!

    Dains

Viewing 1 replies (of 1 total)
  • The topic ‘Small question about security of $wpdb->insert’ is closed to new replies.