validating query_vars

  • Hi, I am trying to use the query_vars filter instead of $_GET.
    I’ve managed to send and to get the variable by using

    add_query_arg( $params, $url ) and $wp_query->query_vars['par']

    but I am wondering whether I should validate the result after I get it?

    Something like:

    if (isset($wp_query->query_vars['variant'])) {
       $variant = mysql_real_escape_string($wp_query->query_vars['variant']);
    }
  • esmi


    Forum Moderator

    Thank you for your fast answer.

    Yes, I’ve read that article but I couldn’t find an exact match for this case.
    It’s easy when I am passing an int value, I am using intval($value), but what about string values which should be echoed and inserted in the database?
    I always use %s wpdb formatting but is it enough?

    When I use $_GET I validate them with mysql_real_escape_string() immediately after I get them
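
An added example, not part of the original thread and not WordPress's own code: one way to handle a string query var end to end, validating it on input, passing it to the database through $wpdb placeholders, and escaping it for the context it is echoed into. The slug pattern for `variant`, the `variant_log` table and the `example_*` function names are assumptions made for the example.

```php
<?php
// Added example. Assumptions: runs inside a WordPress plugin; 'variant' is a
// short slug; the table {$wpdb->prefix}variant_log and the example_* function
// names are hypothetical.

// Register the variable so it is available through get_query_var().
add_filter( 'query_vars', function ( $vars ) {
    $vars[] = 'variant';
    return $vars;
} );

// Input: validate against an allowlist of what a legal value looks like.
function example_get_variant() {
    $raw = get_query_var( 'variant', '' );
    // Rejects arrays (?variant[]=x), empty values and anything outside the pattern.
    if ( ! is_string( $raw ) || ! preg_match( '/\A[A-Za-z0-9_-]{1,32}\z/', $raw ) ) {
        return null;
    }
    return $raw;
}

// Database: let $wpdb do the escaping. No manual escaping before prepare() or
// insert(); escaping first would store the added backslashes as data.
function example_store_variant( $variant ) {
    global $wpdb;
    $table = $wpdb->prefix . 'variant_log';
    $wpdb->insert( $table, array( 'variant' => $variant ), array( '%s' ) );
    return (int) $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE variant = %s", $variant )
    );
}

// Output: escape for the context the value is printed into.
function example_render_variant( $variant ) {
    $url = add_query_arg( 'variant', rawurlencode( $variant ), home_url( '/' ) );
    return sprintf(
        '<a href="%s" title="%s">%s</a>',
        esc_url( $url ),       // URL context; add_query_arg() does not escape
        esc_attr( $variant ),  // attribute context
        esc_html( $variant )   // HTML text context
    );
}
```

Call `example_get_variant()` once the main query has been parsed (for instance from a template) and treat a `null` return as "no valid value supplied".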
