This is the forum to discuss the Wrox book Professional WordPress Plugin Development by Brad Williams, Ozh Richard, Justin Tadlock; ISBN: 978-0-470-91622-3
April 13th, 2012, 06:28 PM
Only using strip_tags before inserting to DB? What about escaping quotes?

Hi,

I really want to get to the bottom of this; this has bothered me for a while. I'm guessing that the answer is something so simple and obvious that it's right in front of me somewhere.

But I gotta know!

So, for example:

Page 84, Chapter 4, Code snippet boj-meta-box.php

Why is strip_tags() the only measure being taken to sanitize data before running update_post_meta()? What about escaping quotes? Doesn't strip_tags() still leave you vulnerable to SQL injection?

Last edited by scottfennell; April 13th, 2012 at 06:28 PM. Reason: typo
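An added example, not from the book or from the post above, to separate the two concerns the question mixes together: strip_tags() is an HTML sanitiser and does nothing to quotes, while SQL injection is prevented by keeping data out of the SQL text with parameterised queries. The script is stand-alone PHP using PDO with an in-memory SQLite database (an assumption made so it runs without WordPress); the table name, the sample input string and the meta key are constructed for the demonstration.

```php
<?php
// Added example (not from the book or the forum post). Shows why strip_tags()
// is not an anti-SQL-injection measure and what is: parameterised queries.
// It uses PDO with an in-memory SQLite database so it runs without WordPress;
// WordPress's $wpdb layer does the equivalent internally for update_post_meta(),
// and $wpdb->prepare() is the API to use for custom queries.

// Constructed sample input: markup plus a single quote, as a user might type it.
$raw = "O'Brien <b>bold</b> <script>alert(1)</script>";

// Step 1: HTML sanitisation. strip_tags() removes the tags but leaves the
// quote untouched: the result is "O'Brien bold alert(1)".
$clean = strip_tags($raw);
echo "after strip_tags: $clean\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)');

// Wrong: splicing the value into the SQL text. The quote ends the string
// literal early, so SQLite rejects the statement; other inputs would change
// the statement's meaning instead. strip_tags() did nothing to prevent this.
try {
    $db->exec("INSERT INTO postmeta VALUES (1, 'author', '" . $clean . "')");
    echo "concatenated insert succeeded (unexpected)\n";
} catch (PDOException $e) {
    echo 'concatenated insert rejected: ' . $e->getMessage() . "\n";
}

// Right: a prepared statement sends the value separately from the SQL text.
// Quotes are stored literally and cannot alter the query's structure.
$stmt = $db->prepare(
    'INSERT INTO postmeta (post_id, meta_key, meta_value) VALUES (:id, :key, :value)'
);
$stmt->execute([':id' => 1, ':key' => 'author', ':value' => $clean]);

$stored = $db->query("SELECT meta_value FROM postmeta WHERE meta_key = 'author'")
             ->fetchColumn();
echo "stored value:     $stored\n";

// Step 3: escaping is per output context. When the stored value is rendered
// into HTML, encode it at output time instead of altering what is stored.
echo 'rendered as HTML: ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . "\n";
```

Run it with `php example.php`: the concatenated INSERT is rejected with a syntax error at the quote, the prepared INSERT stores `O'Brien bold alert(1)` exactly, and the final line shows the quote encoded for HTML output. In WordPress the same split applies: update_post_meta() hands the value to $wpdb, which builds the INSERT/UPDATE with its own escaping, so the strip_tags() call in the snippet is about controlling HTML in the stored value, not about SQL; for plugin code that writes its own queries, $wpdb->prepare() with %s and %d placeholders is the equivalent of the PDO prepared statement above.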