Merge pull request #38 from mjangda/patch-1

Add info for preventing injection in WordPress
2 parents 39904a5 + 036da47 commit fa519389ca83f4ebdd3c66572718bba8dd5ea3d2 @petdance committed Oct 4, 2012
Showing with 18 additions and 0 deletions.
  1. +18 −0 s/php.md
@@ -69,3 +69,21 @@ And a shorter way to pass things in.
$dbh = new PDO('mysql:dbname=testdb;host=127.0.0.1', $user, $password);
$stmt = $dbh->prepare('UPDATE people SET name = :new_name WHERE id = :id');
$stmt->execute( array('new_name' => $name, 'id' => $id) );
+
+Applications & Frameworks
+=========================
+
+WordPress
+---------
+
+If your site/blog/application is running on [WordPress](http://wordpress.org), you can use the `prepare` method of the `$wpdb` class, which supports both a sprintf()-like and vsprintf()-like syntax.
+
+ global $wpdb;
+ $wpdb->query( $wpdb->prepare( "SELECT name FROM people WHERE id = %d OR email = %s", $person_id, $person_email ) );
+
+For INSERTs, UPDATEs, and DELETEs, you can use the handy helper methods in the class, which allow you to specify the format of the submitted values.
+
+ global $wpdb;
+ $wpdb->insert( 'people', array( 'person_id' => '123', 'person_email' => 'bobby@tables.com' ), array( '%d', '%s' ) );
+
+More details on the [WordPress Codex](http://codex.wordpress.org/Class_Reference/wpdb).
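Review bot: the two `$wpdb` samples are indented with a single space, so Markdown will render them as ordinary paragraphs rather than code (the `$wpdb->query( $wpdb->prepare( ... ) )` and `$wpdb->insert( ... )` lines will run together as prose); indent them by four spaces or put them in a fenced block so they render like the PDO snippet this hunk extends. The prose should also state explicitly that the query string handed to `prepare()` must be a literal and that `$person_id` and `$person_email` reach the query only through the `%d`/`%s` placeholders, since interpolating them into the string first would bypass the escaping the section is recommending; one sentence after the first example covers it.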
