Data Validation

I’m using WordPress as a CMS and have a checkout page where info is inserted into the db using $wpdb->insert. I have 2 questions:

  1. Is ‘SQL injection’ already a part of that function or do I need to add my own code?
  2. Are there WordPress form input validation functions that I can use on my custom form?

2 comments

  1. Is ‘SQL injection’ already a part of that function or do I need to add my own code?

    When inserting input to the database you should use the prepare method of the WPDB class, which supports both a sprintf()-like and vsprintf()-like syntax. Read more at the Codex.

    Are there WordPress form input validation functions that I can use on my custom form?

    Yes, there are many, and they are covered in the Data Validation Codex entry, like toscho pointed out.
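An added example, not code from the question or the answer above: a checkout handler that validates each field with WordPress's sanitizing functions, saves it with `$wpdb->insert` (which takes raw values plus a format array), and uses `$wpdb->prepare` for a hand-written query. It assumes it runs inside WordPress (for example from a plugin file); the table `checkout_orders`, the field names, the nonce action `checkout_submit` and the `example_` function names are hypothetical.

```php
<?php
// Added example. Hypothetical names: table "checkout_orders", fields
// name/email/quantity, nonce action "checkout_submit". Requires WordPress.

function example_save_checkout( array $post ) {
    global $wpdb;

    // WordPress adds slashes to $_POST; remove them before sanitizing.
    $post = wp_unslash( $post );

    // Only accept submissions carrying the nonce that was printed into the form.
    if ( ! wp_verify_nonce( $post['_wpnonce'] ?? '', 'checkout_submit' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }

    // Sanitize each field according to the type it is supposed to hold.
    $name     = sanitize_text_field( (string) ( $post['name'] ?? '' ) );
    $email    = sanitize_email( (string) ( $post['email'] ?? '' ) );
    $quantity = absint( $post['quantity'] ?? 0 );

    // Validate after sanitizing: reject instead of storing empty or bad values.
    if ( '' === $name || ! is_email( $email ) || $quantity < 1 ) {
        return new WP_Error( 'invalid_input', 'Please check the form fields.' );
    }

    // insert() expects raw (not SQL-escaped) values; the format array
    // binds each one as a string (%s) or an integer (%d).
    $ok = $wpdb->insert(
        $wpdb->prefix . 'checkout_orders',
        array( 'name' => $name, 'email' => $email, 'quantity' => $quantity ),
        array( '%s', '%s', '%d' )
    );

    return false === $ok
        ? new WP_Error( 'db_error', 'Could not save the order.' )
        : $wpdb->insert_id;
}

// For SQL you write yourself, pass user input through prepare() placeholders.
function example_orders_for_email( $email ) {
    global $wpdb;
    $table = $wpdb->prefix . 'checkout_orders';

    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, name, quantity FROM {$table} WHERE email = %s", $email )
    );
}
```

Call it as `example_save_checkout( $_POST )` from the form handler and check the result with `is_wp_error()` before showing a confirmation.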