Anyone know how to sanitize the $_POST for WordPress? Or is it already sanitized when I used the WP_QUERY? Thanks!
I was thinking whether I use mysql_escape() or esc_sql() [WordPress function].

    function checkIfEmailAndPasswordHaveUser( $email, $password ) {
        $args = array(
            'post_type'  => 'my_custom_post_type',
            'meta_query' => array(
                array(
                    'key'   => 'email',
                    'value' => $email
                ),
                array(
                    'key'   => 'password',
                    'value' => $password
                ),
            ),
        );
        $query = new WP_Query( $args );
        if( !$query->have_posts() ) {
            return false;
        } else {
            // return the user's ID
            return $query->posts[0]->ID;
        }
    }

    $post_user_email    = trim( $_POST['user_email'] );
    $post_user_password = trim( $_POST['user_password'] );
    // check if user_id exist
    $result = checkIfEmailAndPasswordHaveUser($post_user_email, $post_user_password);

The easiest way to sanitize data is with built-in WordPress functions. The sanitize_*() series of helper functions provide an effective way to ensure you're ending up with safe data, and they require minimal effort on your part: sanitize_email(), sanitize_file_name()
sanitize_url( string $url, string[] $protocols = null ): string. Performs esc_url() for database or redirect usage.
You can use the function to sanitize any checkbox. For example, if you want to check whether your user submitted the value "submit_doors" from the check box, then you can use the function like this: $sanitized_value = ! empty($_POST['door']) ?
Avoid post__not_in. It's usually used to exclude certain post IDs from a query's results.
Turns out WP sanitizes it automatically.
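
As an added example (not part of the original post or its answer): WP_Query prepares meta_query values before they reach SQL, so what remains is validating the input itself and not matching the password inside the query. The function name and the 'password_hash' meta key are assumptions, as is the premise that the password was stored with wp_hash_password() rather than as plain text.

```php
<?php
// Added example. Assumes each 'my_custom_post_type' post stores the e-mail in
// the 'email' meta key and a wp_hash_password() hash in the hypothetical
// 'password_hash' meta key.

/**
 * Return the matching post ID, or false when the credentials do not match.
 */
function example_find_user_post_id( $raw_email, $raw_password ) {
    if ( ! is_string( $raw_email ) || ! is_string( $raw_password ) ) {
        return false; // reject array-style input such as user_email[]=x
    }

    // WordPress adds slashes to $_POST; remove them before validating.
    $email = sanitize_email( wp_unslash( $raw_email ) );
    if ( ! is_email( $email ) ) {
        return false;
    }

    // Passwords are only unslashed, never sanitized: sanitizing would
    // silently change what the user typed.
    $password = wp_unslash( $raw_password );

    // Look the record up by e-mail only; WP_Query escapes the value.
    $query = new WP_Query( array(
        'post_type'      => 'my_custom_post_type',
        'posts_per_page' => 1,
        'fields'         => 'ids',
        'no_found_rows'  => true,
        'meta_query'     => array(
            array( 'key' => 'email', 'value' => $email, 'compare' => '=' ),
        ),
    ) );
    if ( empty( $query->posts ) ) {
        return false;
    }

    // Compare the submitted password against the stored hash in PHP.
    $post_id = (int) $query->posts[0];
    $hash    = get_post_meta( $post_id, 'password_hash', true );
    if ( ! is_string( $hash ) || '' === $hash ) {
        return false;
    }
    return wp_check_password( $password, $hash ) ? $post_id : false;
}

$email_in    = isset( $_POST['user_email'] ) ? $_POST['user_email'] : '';
$password_in = isset( $_POST['user_password'] ) ? $_POST['user_password'] : '';
$result      = example_find_user_post_id( $email_in, $password_in );
```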