validating query_vars (3 posts)

  1. ivomasterche
    Posted 4 years ago #

    Hi, I am trying to use query_vars filter instead of $_GET.
    I've managed to send and to get the variable by using

    add_query_arg( $params, $url ) and $wp_query->query_vars['par']

    but I am wondering whether I should validate the result after I get it?

    Something like:

    if (isset($wp_query->query_vars['variant'])) {
       $variant = mysql_real_escape_string($wp_query->query_vars['variant']);
    }

  2. esmi
    Forum Moderator
    Posted 4 years ago #

  3. ivomasterche
    Posted 4 years ago #

    Thank you for your fast answer.

    Yes, I have read that article but I couldn't find an exact match for this case.
    It's easy when I am passing an int value, I am using intval($value), but what about string values which should be echoed and inserted in the database?
    I always use %s wpdb formatting, but is it enough?

    When I use $_GET I validate them with mysql_real_escape_string() immediately after I get them.

Topic Closed

This topic has been closed to new replies.
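
An added example, not code from the thread or from WordPress itself: one way to handle the string case asked about above, validating the query var when it is read, passing it to the database through a `%s` placeholder, and escaping it only at the point of output. The plugin header, the `demo_*` names, the `demo_items` table and the 64-character limit are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Variant Query Var Demo (added example, hypothetical)
 */

// 1. Register the public query var so ?variant=... is parsed into $wp_query.
add_filter( 'query_vars', function ( $vars ) {
    $vars[] = 'variant';
    return $vars;
} );

// 2. Validate on input: reject non-strings, normalise, enforce a length limit.
function demo_get_variant() {
    $raw = get_query_var( 'variant', '' );
    if ( ! is_string( $raw ) ) {            // ?variant[]=x arrives as an array
        return '';
    }
    // WordPress adds slashes to request data; remove them before validating.
    $variant = sanitize_text_field( wp_unslash( $raw ) ); // strips tags and control chars
    return ( '' !== $variant && strlen( $variant ) <= 64 ) ? $variant : ''; // assumed limit
}

// 3. Database: hand the raw validated value to a %s placeholder. prepare() does
//    the quoting and escaping, so no mysql_real_escape_string() beforehand
//    (escaping twice would store literal backslashes).
function demo_find_items( $variant ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_items';  // hypothetical table
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, title FROM {$table} WHERE variant = %s", $variant )
    );
}

// 4. Output: escape at the point of echo, for the context the value lands in.
add_shortcode( 'demo_variant', function () {
    $variant = demo_get_variant();
    if ( '' === $variant ) {
        return '<p>No variant selected.</p>';
    }
    $html = '<h3 data-variant="' . esc_attr( $variant ) . '">'
          . esc_html( $variant ) . '</h3><ul>';
    foreach ( demo_find_items( $variant ) as $row ) {
        $html .= '<li>' . esc_html( $row->title ) . '</li>'; // stored data is escaped too
    }
    return $html . '</ul>';
} );
```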
