[wp-hackers] Filter for '

Dion Hulse (dd32) wordpress at dd32.id.au
Fri Sep 2 10:14:48 UTC 2011


Hi Frank,
All incoming data to WordPress has a form of "Magic Quotes" applied to it,
in other words, the data is addslashes()'d.
As a result, you'll need to call stripslashes() on incoming data. If you're
accepting an array, you can use stripslashes_deep().
(Please note: do NOT store a stripslashed version in $_POST, as doing so
could potentially cause a security problem with older plugins).

To use the stripslashes()'d data in a SQL query, I would strongly recommend
using $wpdb->prepare() *if* you must make a direct query. See
http://codex.wordpress.org/Data_Validation#Database for the best practices
for Database Access.

Cheers
Dion

On 2 September 2011 20:08, Frank Bueltge <frank at bueltge.de> wrote:

> Hello all,
>
> I have a plugin that sends data via _POST from a textarea; the textarea
> and all is inside a thickbox of WP. If I send the data with ', then I
> get \', and \'post_tag\' also becomes \\\'post_tag\\\'.
>
> I have deactivated default-filters.php and checked many other
> filters, but I don't find the filter for this topic. I will deactivate
> the filter on the plugin page to use my strings; it is an SQL query for
> sending SQL queries inside the backend, only for devs. I have also listed all
> active filters and actions, but I don't find the function that does this.
>
> I hope someone who receives this list can help me. Many thanks!
> Frank
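
The handling described in the reply above, as an added example that is not part of the original thread or of WordPress's own code: unslash the submitted value into a local variable, leave $_POST untouched, and pass the value to $wpdb->prepare(). The function name, the field name 'my_taxonomy' and the nonce action 'myplugin_lookup' are assumptions made for illustration.

```php
<?php
// Added example: hypothetical admin-page handler for a WordPress plugin.
// 'my_taxonomy', 'myplugin_lookup' and the function name are assumptions.
function myplugin_count_terms_for_submitted_taxonomy() {
	global $wpdb;

	// Only administrators may use the form, and the request must carry
	// the nonce that the form was rendered with.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.' );
	}
	check_admin_referer( 'myplugin_lookup' );

	if ( ! isset( $_POST['my_taxonomy'] ) ) {
		return null;
	}

	// WordPress has already addslashes()'d this value, so a submitted
	// ' arrives as \'. Unslash into a local copy; $_POST itself keeps
	// its slashes so code that expects slashed input is not affected.
	$taxonomy = stripslashes_deep( $_POST['my_taxonomy'] );
	if ( ! is_string( $taxonomy ) ) {
		return null; // an array was submitted where a string was expected
	}
	$taxonomy = trim( $taxonomy );

	// prepare() quotes and escapes the %s value itself; do not wrap the
	// placeholder in quotes or add slashes by hand.
	$sql = $wpdb->prepare(
		"SELECT COUNT(*) FROM {$wpdb->term_taxonomy} WHERE taxonomy = %s",
		$taxonomy
	);

	return (int) $wpdb->get_var( $sql );
}
```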