How to prevent SQL Injection in Wordpress?

#1
I'm currently using the following query to get values in MySQL using PHP:

<?php
include_once("wp-config.php");
@$gameid = $_GET['gameid'];

global $wpdb;
// Vulnerable: $gameid is concatenated straight into the SQL text, so a value
// such as "1 OR 1=1" or "1 UNION SELECT ..." changes the query itself.
$fivesdrafts = $wpdb->get_results(
    "
    SELECT ID
    FROM $wpdb->posts
    WHERE ID = " . $gameid . "
    "
);
?>

The code is working, but now I'm worried about SQL injections.

How to prevent SQL injection?

Is this safe?

<?php
include_once("wp-config.php");
// mysql_real_escape_string() needs a mysql_* connection (WordPress uses mysqli)
// and was removed in PHP 7; with the %d placeholder below it is redundant anyway,
// so the raw value is read here and left to prepare() to cast.
$gameid = isset($_GET['gameid']) ? $_GET['gameid'] : 0;

global $wpdb;
$fivesdrafts = $wpdb->get_results(
    $wpdb->prepare(
        "
        SELECT ID
        FROM $wpdb->posts
        WHERE ID = %d",
        $gameid   // the value itself; the original ".$gameid." passed the literal string ".<id>."
    )
);
?>

#2
From the WordPress Codex on protecting queries against SQL Injection attacks:

<?php $sql = $wpdb->prepare( 'query' , value_parameter[, value_parameter ... ] ); ?>

If you scroll down a bit farther, there are examples.

You should also read the database validation docs for a more thorough overview of SQL escaping in WordPress.
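Added example, not code from either post above or from WordPress itself: the prepare() pattern the answer points to, applied to the asker's ID lookup and to the two cases that usually trip people up next (a LIKE search and a variable-length IN list). It assumes it runs inside WordPress (for instance in a theme's functions.php or an mu-plugin) so that the global $wpdb is available; the example_* function names are hypothetical.

```php
<?php
// Added example (not from the original thread). Assumes a WordPress runtime:
// $wpdb is the global database object, and the table name comes from $wpdb->posts.

// 1. Integer ID, the asker's case. %d is cast with intval() inside prepare(),
//    so "1 OR 1=1" arrives at MySQL as the integer 1, never as SQL.
function example_get_post_id( $gameid ) {
    global $wpdb;
    return $wpdb->get_var( $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE ID = %d AND post_status = %s",
        $gameid,
        'publish'
    ) );
}

// 2. String in a LIKE clause. %s is quoted and escaped by prepare() (do not add
//    your own quotes around it), but the LIKE wildcards % and _ are not, so the
//    user's term is passed through $wpdb->esc_like() before the wildcards are added.
function example_search_titles( $term ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    return $wpdb->get_results( $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s LIMIT %d",
        $like,
        20
    ) );
}

// 3. Variable-length IN list. Generate one %d placeholder per value and let
//    prepare() fill them, instead of imploding user-supplied values into the SQL.
//    prepare() accepts a single array as its value list.
function example_get_posts_by_ids( array $ids ) {
    global $wpdb;
    if ( empty( $ids ) ) {
        return array();
    }
    $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
    $sql = "SELECT ID, post_title FROM {$wpdb->posts} WHERE ID IN ( $placeholders )";
    return $wpdb->get_results( $wpdb->prepare( $sql, $ids ) );
}

// Typical use from a request handler. The constructed inputs below show what
// each placeholder does with a hostile value.
$gameid = isset( $_GET['gameid'] ) ? $_GET['gameid'] : 0;
$row_id = example_get_post_id( $gameid );        // "1 OR 1=1" -> WHERE ID = 1 AND post_status = 'publish'
$hits   = example_search_titles( "50%_off" );    // % and _ reach MySQL as literal characters
$posts  = example_get_posts_by_ids( array( 3, 7, "9; DROP TABLE wp_posts" ) ); // last value becomes 9
```

The common thread is that every dynamic value goes through a placeholder and the query text itself never changes shape based on input; the only part of the SQL built by string manipulation is the placeholder list in the third function, and that is derived from count( $ids ), not from the values.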