Is it necessary to escape data when storing it in the user's meta-data? I'm not sure if WP does this automatically, or if it is even necessary. Also, if it is necessary, should I use mysql_real_escape_string via sanatize_meta?
I'm storing a URL.
Is it necessary to escape data when storing it in the user's meta-data? I'm not sure if WP does this automatically, or if it is even necessary. Also, if it is necessary, should I use mysql_real_escape_string via sanatize_meta?
I'm storing a URL.
Share Improve this question asked Apr 27, 2019 at 23:57 logic8logic8 1013 bronze badges1 Answer
Reset to default 2Yes, it's a good practice to sanitize input and escape output. It's important to use the correct function, though, so that you don't inadvertently mess up your data.
Since it's for a URL, use esc_url_raw() (it is specifically for db usage).
(Note: it may seem odd using a function with the "esc_" stem for sanitizing, since I just stated sanitize input, escape output, but this particular function specifically the deprecated sanitize_url() function.)
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1745545260a4632308.html
评论列表(0条)