admin管理员组文章数量:1429399
Is it necessary to escape data when storing it in the user's meta-data? I'm not sure if WP does this automatically, or if it is even necessary. Also, if it is necessary, should I use mysql_real_escape_string via sanatize_meta?
I'm storing a URL.
Is it necessary to escape data when storing it in the user's meta-data? I'm not sure if WP does this automatically, or if it is even necessary. Also, if it is necessary, should I use mysql_real_escape_string via sanatize_meta?
I'm storing a URL.
Share Improve this question asked Apr 27, 2019 at 23:57 logic8logic8 1013 bronze badges1 Answer
Reset to default 2Yes, it's a good practice to sanitize input and escape output. It's important to use the correct function, though, so that you don't inadvertently mess up your data.
Since it's for a URL, use esc_url_raw() (it is specifically for db usage).
(Note: it may seem odd using a function with the "esc_" stem for sanitizing, since I just stated sanitize input, escape output, but this particular function specifically the deprecated sanitize_url() function.)
本文标签: securityDoes metadata need to be sanitized
版权声明:本文标题:security - Does meta-data need to be sanitized? 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745545259a2662674.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论