• Resolved KW923

    (@kw923)


    Hi,

    I have heard about the importance of properly sanitizing or preparing SQL Queries while developing plugins. I’m just not sure if I understand how to do it. I’ve created my query which takes the page titles and flushes them from the database. The plugin is supposed to allow the user to create new page titles in a custom form by using wp_insert_post.

    How do I sanitize/validate the page title input that will be sent to the database?

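    global $wpdb;
    // Static query with no user-supplied values: next free menu_order among pages.
    $args['menu_order'] = $wpdb->get_var("SELECT MAX(menu_order)+1 AS menu_order FROM {$wpdb->posts} WHERE post_type='page'");
    // Clear the cached results of the last query.
    $wpdb->flush();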
Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Security Question: SQL Injections’ is closed to new replies.