I am wondering if WordPress’ insert function also adds slashes to data. If it doesn’t, it would seem that the prepare query method would be better to protect against SQL injection. I tried looking the issue up in their codex/API; however, it seems undocumented.
Thanks!
WordPress uses ezSQL to query the database. Technically, it is not an abstraction layer, but it does take away some of the boilerplate code. ezSQL has a function escape, so I assume that WordPress would always call the escape function before executing a query. But to be certain you would have to take a look at the source code.
This is how you escape a string in WordPress:
$safe_string = $wpdb->escape($unsafe_string);
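An added example, not part of either post above, showing the two calls the question compares: `$wpdb->insert()` is given raw, unescaped values with a format per column, and `$wpdb->prepare()` builds a parameterized query for statements `insert()` does not cover. It assumes it runs inside WordPress; the `example_notes` table, its columns and the function names are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded so the global $wpdb exists.
// The table "example_notes" and its columns are hypothetical.

function example_save_note( $author_id, $raw_note ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notes';

    // WordPress adds slashes to request data ($_POST etc.) on load.
    // Strip them first so the stored text is the user's original input.
    $note = wp_unslash( $raw_note );

    // insert() expects raw values: do not escape them yourself, or the
    // escape characters end up stored in the row. The third argument
    // gives one placeholder format per column (%d integer, %s string).
    $ok = $wpdb->insert(
        $table,
        array(
            'author_id' => $author_id,
            'note'      => $note,
        ),
        array( '%d', '%s' )
    );

    // insert() returns false on failure; insert_id holds the new row id.
    return false === $ok ? 0 : (int) $wpdb->insert_id;
}

function example_find_notes( $author_id, $search ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notes';

    // esc_like() neutralizes % and _ in the search term; prepare() then
    // quotes the whole LIKE pattern as a string value.
    $like = '%' . $wpdb->esc_like( $search ) . '%';

    $sql = $wpdb->prepare(
        "SELECT id, note FROM {$table} WHERE author_id = %d AND note LIKE %s",
        $author_id,
        $like
    );

    return $wpdb->get_results( $sql );
}
```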