[wp-hackers] wordpress options and security
Trevor Turk
trevorturk at yahoo.com
Tue Oct 18 17:01:48 GMT 2005
I hope that this is a simple question:
Do we need to sanitize user input when adding/updating
the options table in wordpress plugins? See this
example:
    // setting options
    function sf_options() {
        if ( isset($_POST['sf_directory']) ) {
            $sf_directory = $_POST['sf_directory'];
            update_option('sf_directory', $sf_directory, '','');
        }
        if ( isset($_POST['sf_prefix']) ) {
            $sf_prefix = $_POST['sf_prefix'];
            update_option('sf_prefix', $sf_prefix, '','');
        }
    }
In this case, I'm not doing anything like
mysql_real_escape_string() or trim() - Do I need to?
Thanks,
- Trevor
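
An added example, not part of the original post or of the plugin: one way the handler in the question could validate its two values before storing them, written against current WordPress functions. The helper names, the nonce action `sf_save_options` and the allowed-character rules are assumptions about what the two options are meant to hold.

```php
<?php
// Added example. Helper names and validation rules are assumptions, not the plugin's code.

// Hypothetical helper: accept only a relative directory with no "." or ".." segments.
function sf_clean_directory( $raw ) {
    if ( ! is_string( $raw ) ) {
        return null; // e.g. sf_directory[]=x arrives as an array
    }
    $dir = trim( trim( str_replace( '\\', '/', $raw ) ), '/' );
    if ( $dir === '' || preg_match( '#(^|/)\.\.?(/|$)#', $dir ) ) {
        return null;
    }
    // \A and \z anchor the whole string, so an embedded newline or NUL is rejected.
    return preg_match( '#\A[A-Za-z0-9_./-]+\z#', $dir ) ? $dir : null;
}

// Hypothetical helper: a short identifier-style prefix.
function sf_clean_prefix( $raw ) {
    if ( ! is_string( $raw ) ) {
        return null;
    }
    $prefix = trim( $raw );
    return preg_match( '/\A[A-Za-z0-9_-]{1,32}\z/', $prefix ) ? $prefix : null;
}

function sf_options() {
    if ( ! isset( $_POST['sf_directory'] ) && ! isset( $_POST['sf_prefix'] ) ) {
        return;
    }
    // Only administrators may change settings, and only via the plugin's own form.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change these settings.' );
    }
    check_admin_referer( 'sf_save_options' ); // form must emit wp_nonce_field( 'sf_save_options' )

    // WordPress adds slashes to $_POST; strip them before validating.
    // update_option() does its own database escaping, so no manual SQL escaping is applied.
    if ( isset( $_POST['sf_directory'] ) ) {
        $dir = sf_clean_directory( wp_unslash( $_POST['sf_directory'] ) );
        if ( $dir !== null ) {
            update_option( 'sf_directory', $dir );
        }
    }
    if ( isset( $_POST['sf_prefix'] ) ) {
        $prefix = sf_clean_prefix( wp_unslash( $_POST['sf_prefix'] ) );
        if ( $prefix !== null ) {
            update_option( 'sf_prefix', $prefix );
        }
    }
}
```

Values read back with `get_option()` still need escaping for the context they are printed in, for example `esc_attr()` inside a form field.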