BOOK: Professional WordPress Plugin Development
This is the forum to discuss the Wrox book Professional WordPress Plugin Development by Brad Williams, Ozh Richard, Justin Tadlock; ISBN: 978-0-470-91622-3
You are currently viewing the BOOK: Professional WordPress Plugin Development section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
April 13th, 2012, 06:28 PM
Registered User
Join Date: Apr 2012
Posts: 1
Only using strip_tags before inserting to DB? What about escaping quotes?

Hi,

I really want to get to the bottom of this; this has bothered me for a while. I'm guessing that the answer is something so simple and obvious that it's right in front of me somewhere.

But I gotta know!

So, for example:

Page 84, Chapter 4, Code snippet boj-meta-box.php

Why is strip_tags() the only measure being taken to sanitize data before running update_post_meta()? What about escaping quotes? Doesn't strip_tags() still leave you vulnerable to SQL injection?

Last edited by scottfennell; April 13th, 2012 at 06:28 PM.. Reason: typo
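Added example (not the book's boj-meta-box.php and not the poster's code): a meta-box save handler in the shape the question describes, using hypothetical names (`boj_save_meta()`, meta key `_boj_example_note`, nonce `boj_meta_nonce`, field `boj_note`). It shows that `update_post_meta()` hands the value to `$wpdb->update()`/`$wpdb->insert()`, which bind values with placeholders, so quotes do not need escaping there; stripping tags addresses stored HTML (XSS), not SQL. The second function shows the one situation where quoting does matter: a plugin building its own SQL, where `$wpdb->prepare()` is the fix.

```php
<?php
// Added example, not from the book. Hypothetical hook and key names.

function boj_save_meta( $post_id ) {
    // Ignore autosaves and verify the nonce and capability before writing.
    if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) {
        return;
    }
    if ( ! isset( $_POST['boj_meta_nonce'] ) ||
         ! wp_verify_nonce( $_POST['boj_meta_nonce'], 'boj_save_meta' ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }

    // Content sanitization: strips tags and normalizes whitespace.
    // This guards against stored HTML/XSS, not against SQL injection.
    // $_POST is slashed by WordPress; update_post_meta() expects slashed
    // input and unslashes it itself, so no manual quote escaping here.
    $note = isset( $_POST['boj_note'] ) ? sanitize_text_field( $_POST['boj_note'] ) : '';

    // update_post_meta() -> $wpdb->update()/$wpdb->insert(), which build the
    // statement with %s placeholders, so a value like O'Reilly is stored intact
    // and its quote is never interpreted as SQL.
    update_post_meta( $post_id, '_boj_example_note', $note );
}
add_action( 'save_post', 'boj_save_meta' );

// Contrast: quoting only matters when the plugin assembles SQL itself.
function boj_notes_like( $fragment ) {
    global $wpdb;

    // Interpolating user input into the string is the actual injection bug:
    //   "... WHERE meta_value LIKE '%$fragment%'"
    // Correct: let $wpdb->prepare() quote the value; escape LIKE wildcards first.
    $sql = $wpdb->prepare(
        "SELECT post_id FROM {$wpdb->postmeta} WHERE meta_key = %s AND meta_value LIKE %s",
        '_boj_example_note',
        '%' . $wpdb->esc_like( $fragment ) . '%'
    );
    return $wpdb->get_col( $sql );
}
```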





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.