How to prevent SQL Injection in Wordpress?

sql wordpress security sql-injection
20,025

From the WordPress Codex on protecting queries against SQL Injection attacks:

<?php $sql = $wpdb->prepare( 'query' , value_parameter[, value_parameter ... ] ); ?>

If you scroll down a bit farther, there are examples.

You should also read the database validation docs for a more thorough overview of SQL escaping in WordPress.

Share:
20,025
Admin
Author by

Admin

Updated on August 15, 2020

Comments

  • Admin
    Admin over 3 years

    I'm currently using the following query to get values in mysql using php:

    The code is working, but now I'm worried about sql injections.

    How to prevent SQL injection?

    <?php include_once("wp-config.php");
@$gameid = $_GET['gameid'];

global $wpdb;
$fivesdrafts = $wpdb->get_results( 
    "
    SELECT ID
    FROM $wpdb->posts
    WHERE  ID = ".$gameid." 

    "
);
?>

    is this safe?

    <?php include_once("wp-config.php");
@$gameid = mysql_real_escape_string($_GET['gameid']);

global $wpdb;
$fivesdrafts = $wpdb->get_results(
$wpdb->prepare(
    "
    SELECT ID
    FROM $wpdb->posts
    WHERE  ID = %d", ".$gameid.")
);
?>

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to trace possible SQL injection attack?
How can I avoid SQL injection attacks in my ASP.NET application?
What are good ways to prevent SQL injection?
Can I protect against SQL injection by escaping single-quote and surrounding user input with single-quotes?
How can I prevent SQL injection in PHP?
SQL injection that gets around mysql_real_escape_string()
Examples of SQL Injections through addslashes()?
Does using parameterized SqlCommand make my program immune to SQL injection?
SQL Query to Get Users With Role Subscriber
Order by custom field (numeric) in WP_Query