Is this code vulnerable to SQL injection attacks? $sql = SELECT DISTINCT ID, post_title,

Question

0

Asked: May 24, 20262026-05-24T21:44:25+00:00 2026-05-24T21:44:25+00:00

Is this code vulnerable to SQL injection attacks? $sql = SELECT DISTINCT ID, post_title,

0

Is this code vulnerable to SQL injection attacks?

$sql = "SELECT DISTINCT ID, post_title, post_password, comment_ID, comment_post_ID, comment_author, comment_author_email, comment_date_gmt, comment_approved, comment_type, comment_author_url, SUBSTRING(comment_content,1,70) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID) WHERE comment_approved = '1' AND comment_type = '' AND post_password = '' ORDER BY comment_date_gmt DESC LIMIT 5";

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T21:44:28+00:00

Editorial Team

2026-05-24T21:44:28+00:00Added an answer on May 24, 2026 at 9:44 pm

Assuming the $wpdb object is untouchable from the outside (which is generally true in WordPress), I’d say you’re safe with this particular query.

You really only need to worry about passing in any parameter received from an external source.

WordPress offers several methods for handling user input in queries. See http://codex.wordpress.org/Data_Validation#Database

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is this code vulnerable to SQL injection attacks? $sql = SELECT DISTINCT ID, post_title,

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply