
Add info for preventing injection in WordPress #38

Merged
merged 1 commit into from

2 participants

@mjangda

Also adds a new section called "Applications & Frameworks", which might be useful to consolidate info from other popular PHP applications and frameworks.

@mjangda mjangda Add info for preventing injection in WordPress
036da47
@petdance
Owner

This looks great! I'll go over it tomorrow for sure.

Thanks!

@petdance petdance merged commit fa51938 into from
Commits on Sep 28, 2012
  1. @mjangda

    Add info for preventing injection in WordPress

    mjangda authored
Showing with 18 additions and 0 deletions.
  1. +18 −0 s/php.md
18 s/php.md
@@ -69,3 +69,21 @@ And a shorter way to pass things in.
$dbh = new PDO('mysql:dbname=testdb;host=127.0.0.1', $user, $password);
$stmt = $dbh->prepare('UPDATE people SET name = :new_name WHERE id = :id');
$stmt->execute( array('new_name' => $name, 'id' => $id) );
+
+Applications & Frameworks
+=========================
+
+WordPress
+---------
+
+If your site/blog/application is running on [WordPress](http://wordpress.org), you can use the `prepare` method of the `$wpdb` class, which supports both a sprintf()-like and vsprintf()-like syntax.
+
+ global $wpdb;
+ $wpdb->query( $wpdb->prepare( "SELECT name FROM people WHERE id = %d OR email = %s", $person_id, $person_email ) );
+
+For INSERTs, UPDATEs, and DELETEs, you can use the handy helper methods in the class, which allow you to specify the format of the submitted values.
+
+ global $wpdb;
+ $wpdb->insert( 'people', array( 'person_id' => '123', 'person_email' => 'bobby@tables.com' ), array( '%d', '%s' ) );
+
+More details on the [WordPress Codex](http://codex.wordpress.org/Class_Reference/wpdb).
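Review bot: the two PHP snippets in this hunk (`+ global $wpdb;` and the `$wpdb->query(...)` / `$wpdb->insert(...)` lines that follow) are indented by a single space, which Markdown renders as ordinary paragraph text rather than as a code block; indent them by four spaces or mark them up the same way as the PDO example in the unchanged context above the hunk so they render as code. A smaller point in the `$wpdb->insert()` example: `'person_id' => '123'` passes the ID as a string while its declared format is `%d`, so an integer literal (`123`) would match the format array and make the intent of the format list clearer to readers.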