Is it necessary to escape data when storing it in the user's meta-data? I'm not sure if WP does this automatically, or if it is even necessary. Also, if it is necessary, should I use mysql_real_escape_string via sanitize_meta?

I'm storing a URL.

Asked Apr 27, 2019 at 23:57 by logic8

1 Answer

Yes, it's a good practice to sanitize input and escape output. It's important to use the correct function, though, so that you don't inadvertently mess up your data.

Since it's for a URL, use esc_url_raw() (it is specifically for db usage).

(Note: it may seem odd using a function with the "esc_" stem for sanitizing, since I just stated sanitize input, escape output, but this particular function specifically replaces the deprecated sanitize_url() function.)
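The pattern from the answer above, as an added example (not code from the original post or from WordPress core): the URL is sanitized with esc_url_raw() on the way into user meta and escaped with esc_url() on the way out. The meta key `profile_url` and the `example_*` function names are hypothetical.

```php
<?php
// Added example; 'profile_url' and the example_* names are hypothetical.

// Register a sanitize callback for the key. update_user_meta() runs
// sanitize_meta(), which applies this callback on every write, so the
// value is cleaned no matter which code path saves it.
add_action( 'init', function () {
    register_meta( 'user', 'profile_url', array(
        'type'              => 'string',
        'single'            => true,
        'sanitize_callback' => 'example_sanitize_profile_url',
    ) );
} );

// Wrapper rather than passing 'esc_url_raw' directly: the sanitize filter
// hands the callback extra arguments (meta key, object type), and
// esc_url_raw() would read the second one as its protocol list.
function example_sanitize_profile_url( $value ) {
    // Only http/https are accepted; a rejected URL comes back as ''.
    return esc_url_raw( trim( (string) $value ), array( 'http', 'https' ) );
}

// Save the field from the profile screens.
add_action( 'personal_options_update', 'example_save_profile_url' );
add_action( 'edit_user_profile_update', 'example_save_profile_url' );
function example_save_profile_url( $user_id ) {
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }
    if ( ! isset( $_POST['profile_url'] ) ) {
        return;
    }
    // No mysql_real_escape_string() and no wp_unslash() here:
    // update_user_meta() unslashes the value itself and writes it
    // through $wpdb with a prepared query.
    update_user_meta( $user_id, 'profile_url', $_POST['profile_url'] );
}

// Escape on output, for the context the value is printed in.
function example_render_profile_link( $user_id ) {
    $url = get_user_meta( $user_id, 'profile_url', true );
    if ( empty( $url ) ) {
        return '';
    }
    return sprintf( '<a href="%s">%s</a>', esc_url( $url ), esc_html( $url ) );
}
```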

Tags: security, Does metadata need to be sanitized