Hey all – I just had a quick question. I’m using WP_User_Query for something in one of my template files, and I need to pass a variable from my url in the address bar to the query. I’ve got that working fine – but I’m curious: does the WP_User_query *clean* the stuff hat’s passed? I don’t want someone to inject anything via the address bar into a query and do something that’s not intended with it.
Basically, I’m doing this:
$url = $_SERVER['REQUEST_URI']; $what = explode('?', $url); $what = array_reverse($whowhat; $what = $what; $whatquery = ", 'who' => '$whatquery'"; $user_search = new WP_User_Query(array('meta_key' => 'meta', 'meta_value' => 'yes', 'orderby' => 'last_name' . $whatquery));
So can anyone telle me ifI need to add any extra security measures to this to ensure that “$whatquery” isn’t some nasty script/hack attempt? I just want to be sure it’s *clean* when entered, or to know that the wp_user_query already takes care of that for me.
- The topic ‘wp_user_query question’ is closed to new replies.