I’m using WordPress as CMS and have a checkout page where info is inserted into the db using $wpdb->insert. I have 2 questions:
- Is ‘sql injection’ already a part of that function or do I need to add my own code?
- Are there wordpress form input validation functions that I can use on my custom form?
2 Answers
Is ‘sql injection’ already a part of that function or do I need to add my own code?
When inserting input to the database you should use prepare method of WPDB class which supports both a sprintf() – like and vsprintf() -like syntax. read more at the codex
Are there wordpress form input validation functions that I can use on my custom form?
Yes there are many and they are covered in Data Validation codex entry like toscho pointed out.
