SQL safety when storing data using WordPress built

When I use WordPress built-in functions like

add_post_meta, update_post_meta, add_user_meta, update_user_meta

wp_insert_post, wp_insert_user

Should I do any escaping or sanitizing before passing the user-input data to these functions or these functions themselves do the trick?

here in codex Action_Reference/save_post the data is passed to update_post_meta right out of the $_POST .


元值使用sanitize_meta进行sanitize_meta ,帖子内容通过wp_kses_post消毒,等等......您可以安全地假定内置函数是安全的。

链接地址: http://www.djcxy.com/p/71002.html

上一篇: 如何在手动删除数据库时强制内容提供者重置

下一篇: 使用WordPress构建存储数据时的SQL安全性