Add info for preventing injection in WordPress #38

Merged (1 commit)

2 participants

@mjangda

Also adds a new section called "Applications & Frameworks", which might be useful to consolidate info from other popular PHP applications and frameworks.

@mjangda mjangda: Add info for preventing injection in WordPress (commit 036da47)
@petdance
Owner

This looks great! I'll go over it tomorrow for sure.

Thanks!

@petdance petdance merged commit fa51938 into petdance:master
Commits on Sep 28, 2012
  1. 036da47 Add info for preventing injection in WordPress (mjangda authored)
Showing 1 changed file with 18 additions and 0 deletions: s/php.md (+18 −0)
@@ -69,3 +69,21 @@ And a shorter way to pass things in.
$dbh = new PDO('mysql:dbname=testdb;host=127.0.0.1', $user, $password);
$stmt = $dbh->prepare('UPDATE people SET name = :new_name WHERE id = :id');
$stmt->execute( array('new_name' => $name, 'id' => $id) );
+
+Applications & Frameworks
+=========================
+
+WordPress
+---------
+
+If your site/blog/application is running on [WordPress](http://wordpress.org), you can use the `prepare` method of the `$wpdb` class, which supports both a sprintf()-like and vsprintf()-like syntax.
+
+ global $wpdb;
+ $wpdb->query( $wpdb->prepare( "SELECT name FROM people WHERE id = %d OR email = %s", $person_id, $person_email ) );
+
+For INSERTs, UPDATEs, and DELETEs, you can use the handy helper methods in the class, which allow you to specify the format of the submitted values.
+
+ global $wpdb;
+ $wpdb->insert( 'people', array( 'person_id' => '123', 'person_email' => 'bobby@tables.com' ), array( '%d', '%s' ) );
+
+More details on the [WordPress Codex](http://codex.wordpress.org/Class_Reference/wpdb).
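Review bot: The new WordPress section should state that `$wpdb->prepare()` quotes and escapes string arguments itself, which is why the `%s` placeholders in `"SELECT name FROM people WHERE id = %d OR email = %s"` are left bare; readers coming from sprintf() will otherwise be tempted to write `'%s'`. In the same paragraph it is worth noting that `prepare()` only understands `%d`, `%s` and `%f`, and that a literal percent sign in the query must be written as `%%`. A smaller point on the first code block: `$wpdb->query()` on a SELECT returns only the affected/selected row count, so the example would be more useful as `$wpdb->get_results( $wpdb->prepare( ... ) )` (or `get_var`/`get_col`), which actually returns the rows.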