[wp-hackers] best practices for input/output sanitisation?

Paul Gibbs djpaul at gmail.com
Tue Dec 7 17:59:07 UTC 2010


Hi all

I would appreciate advice on what the definitive way is of handling data received from forms, and storing it in a plugin's database table. Specifically, text boxes and text areas. What filters should be run on the data prior to it being inserted in to the database, and what filters should be run on the data prior to display? I appreciate that many filters can be run, especially on output, so I am hoping someone can provide a list of the essentials to do it safely.

To give some context, this example text box would be the name of a doodad (similar to a post's title), and the text area would be the content associated with this doodad (incl. possible HTML, similar to a post's content). This is meant to be an abstract, easy-to-understand example; saying "use custom post types" will not help me learn which filters to use :)

I'm asking because I'm reviewing the way some of my plugins stores and sanitises its data, and while I think I have a good understanding, I would greatly appreciate clarification from the collective geniuses on this list. Thanks.

Regards
Paul Gibbs


More information about the wp-hackers mailing list