• Database
    $wpdb->insert( $table, (array) $data )
    $data should be unescaped (the function will escape them for you). Keys are columns, Values are values.
    $wpdb->update( $table, (array) $data, (array) $where )
    $data should be unescaped. Keys are columns, Values are values. $where should be unescaped. Multiple WHERE conditions are ANDed together.

    The above was taken from the “Data Validation” page.
    I have a function already built in my plugin that sanitizes the data, so does the above reference, “data should be unescaped,” mean that the data “could” be escaped?

    I guess the real question would be: will the plugin be accepted in the repository with a function that escapes the data?

  • Thread Starter yeagerc50

    (@yeagerc50)

    Perhaps if I post the code I might get someone to comment:

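    $new_array = array();

    foreach ($_POST as $key => $value){

        // Strip tags and encode quotes (FILTER_SANITIZE_STRING is deprecated as of PHP 8.1).
        $fltr1 = filter_var($value,FILTER_SANITIZE_STRING);
        // HTML-encode ' " < > & and control characters.
        $fltr2 = filter_var($fltr1,FILTER_SANITIZE_SPECIAL_CHARS);
        // HTML-encode special characters a second time.
        $fltr3 = htmlspecialchars($fltr2);
        // Trim surrounding whitespace, then strip any remaining tags.
        $trm = trim($fltr3);
        $strp = strip_tags($trm);
        $new_array[$key] = $strp;
    }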
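The "unescaped" pattern from the documentation quoted in the first post, as an added example that is not part of the thread or of anyone's plugin: values are validated, handed to $wpdb->insert() raw, and HTML-encoded only when printed. It assumes it runs inside WordPress; the table name example_contacts, the field names and the example_* functions are hypothetical.

```php
<?php
// Added example. Assumes a loaded WordPress environment (e.g. a plugin file),
// so $wpdb, wp_slash(), wp_unslash(), sanitize_text_field(), sanitize_email(),
// is_email() and esc_html() are available.
// Hypothetical names: table "example_contacts", fields "name" and "email".

function example_save_contact( array $raw ) {
    global $wpdb;

    // WordPress adds slashes to $_POST; remove them before validating.
    $raw = wp_unslash( $raw );

    // Allow-list the expected fields instead of looping over all of $_POST.
    $data = array(
        'name'  => sanitize_text_field( isset( $raw['name'] ) ? $raw['name'] : '' ),
        'email' => sanitize_email( isset( $raw['email'] ) ? $raw['email'] : '' ),
    );

    // Validate: reject the request rather than trying to repair bad input.
    if ( '' === $data['name'] || ! is_email( $data['email'] ) ) {
        return false;
    }

    // Values go in raw. insert() builds the query through prepare(), so the
    // SQL escaping happens there; no HTML encoding is applied before storage.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'example_contacts',
        $data,
        array( '%s', '%s' )
    );

    return false === $ok ? false : (int) $wpdb->insert_id;
}

function example_render_contact( $row ) {
    // Encode at output time, for the context the value is printed in.
    return '<li>' . esc_html( $row->name ) . ' (' . esc_html( $row->email ) . ')</li>';
}

// Constructed sample input standing in for $_POST (slashed, as WordPress delivers it).
$sample = wp_slash( array(
    'name'  => "O'Reilly & Sons",
    'email' => 'info@example.com',
    'extra' => '<script>', // not on the allow-list, so never stored
) );
$id = example_save_contact( $sample );
```

If the stored value had already been passed through htmlspecialchars() before the insert, esc_html() at render time would leave the visitor looking at literal entities such as &amp;amp; instead of the original characters.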