SQL safety when storing data using WordPress built
When I use WordPress built-in functions like
add_post_meta, update_post_meta, add_user_meta, update_user_meta
wp_insert_post, wp_insert_user
Should I do any escaping or sanitizing before passing the user-input data to these functions or these functions themselves do the trick?
here in codex Action_Reference/save_post the data is passed to update_post_meta
right out of the $_POST
.
元值使用sanitize_meta进行sanitize_meta
,帖子内容通过wp_kses_post
消毒,等等......您可以安全地假定内置函数是安全的。
上一篇: 如何在手动删除数据库时强制内容提供者重置