I'm developing an application using WordPress as a CMS.
I have a form with a lot of input fields which need to be sanitized before being stored in the database.<br>
I want to prevent SQL injection, having JavaScript and PHP code injected, and other harmful code.
Currently I'm using my own methods to sanitize data, but I feel that it might be better to use the functions which WP uses.
I have looked at <a href="http://codex.wordpress.org/Data_Validation" rel="noreferrer">Data Validation</a> in WordPress, but I'm unsure how many of these functions I should use, and in what order. Can anyone tell me what WP functions are best to use?
Currently I'm "sanitizing" my input by doing the following:
<ol>
<li>Because characters with accents (é, ô, æ, ø, å) got stored in a funny way in the database (even though my tables are set to <code>ENGINE=InnoDB</code>, <code>DEFAULT CHARSET=utf8</code> and <code>COLLATE=utf8_danish_ci</code>), I'm now converting input fields that can have accents, using <code>htmlentities()</code>.</li>
<li>When creating the SQL string to input the data, I use <code>mysql_real_escape_string()</code>.</li>
</ol>
I don't think this is enough to prevent attacks though. So suggestions for improvement are greatly appreciated.
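Added example, not part of the original question: one way the two steps described above map onto WordPress's own functions, with input sanitized per field type, values bound through <code>$wpdb</code> placeholders instead of hand-escaped SQL, and HTML escaping applied at output rather than before storage. It assumes the code runs inside WordPress; the <code>contacts</code> table, its columns, the form field names, the nonce action and the <code>myform_*</code> function names are hypothetical.

```php
<?php
// Added example; assumes it runs inside WordPress (plugin or theme code).
// Table "{$wpdb->prefix}contacts", its columns and the field names are hypothetical.

function myform_save_contact( array $post ) {
    global $wpdb;

    // Reject requests that did not come from our own form (CSRF check).
    if ( ! isset( $post['myform_nonce'] )
        || ! wp_verify_nonce( $post['myform_nonce'], 'myform_save' ) ) {
        return false;
    }

    // WordPress adds slashes to $_POST; remove them before sanitizing.
    $post = wp_unslash( $post );

    // Sanitize per field type. Accented characters stay as UTF-8 text;
    // nothing is passed through htmlentities() before storage.
    $name    = sanitize_text_field( $post['name'] ?? '' );
    $email   = sanitize_email( $post['email'] ?? '' );
    $age     = absint( $post['age'] ?? 0 );
    $message = sanitize_textarea_field( $post['message'] ?? '' );

    if ( '' === $name || ! is_email( $email ) ) {
        return false;
    }

    // $wpdb->insert() escapes each value according to the format list,
    // so no manual mysql_real_escape_string() call is needed.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'contacts',
        array( 'name' => $name, 'email' => $email, 'age' => $age, 'message' => $message ),
        array( '%s', '%s', '%d', '%s' )
    );
    return false !== $ok;
}

function myform_render_contacts( $min_age ) {
    global $wpdb;
    // Placeholders keep user-supplied values out of the SQL text.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT name, message FROM {$wpdb->prefix}contacts WHERE age >= %d",
        $min_age
    ) );
    foreach ( $rows as $row ) {
        // Escape at output time, for the context the value is printed into.
        printf( '<p><strong>%s</strong>: %s</p>', esc_html( $row->name ), esc_html( $row->message ) );
    }
}
```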