Prevent attacks, $_POST data security, wp_strip_all_tags

When writing code that accepts input from users I always sanitize data one variable at a time.

Example:

$title = wp_strip_all_tags($_POST['title']);
$content = wp_strip_all_tags($_POST['content']);

I had the idea of simplifying things by sanitizing everything at once, inside a loop:

foreach ($_POST as $key => $value) $_POST[$key] = wp_strip_all_tags($value);

When something more specific is needed, I may later add

if (!is_email($_POST['email'])) die();

Do you think this is a good approach, given that I won’t be accepting HTML tags in this case?

Am I safe from SQL injection attacks or some other sort of maliciousness?

Thanks
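
An added example, not part of the original post: it runs tag stripping over a constructed stand-in for `$_POST` and then stores the result, showing what tag stripping does and does not change before a value reaches a query. Assumptions: plain PHP with the `pdo_sqlite` extension instead of WordPress and MySQL, `strip_tags()` standing in for `wp_strip_all_tags()` (which calls it internally), and a hypothetical helper `clean_text_field()`; in WordPress the bound-parameter step corresponds to `$wpdb->prepare()`.

```php
<?php
// Constructed sample input standing in for $_POST (not from the original post).
$post = [
    'title'   => "O'Brien's <b>notes</b>",  // legitimate value that contains a quote
    'content' => ['unexpected', 'array'],   // shape of a field submitted as content[]=...
    'email'   => 'user@example.com',
];

// Hypothetical helper: read one expected field, reject non-strings, strip tags.
// A blanket foreach over the input would hand the array above to the tag stripper.
function clean_text_field(array $input, string $key): ?string
{
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return null;
    }
    return trim(strip_tags($input[$key]));
}

function run_demo(array $post): array
{
    $title   = clean_text_field($post, 'title');   // tags removed, quote characters kept
    $content = clean_text_field($post, 'content'); // array rejected instead of processed

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (title TEXT)');

    // Concatenation: the tag-stripped text is still parsed as part of the SQL statement.
    $concat_ok = true;
    try {
        $db->exec("INSERT INTO posts (title) VALUES ('" . $title . "')");
    } catch (PDOException $e) {
        $concat_ok = false; // the quote inside the value ended the string literal early
    }

    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
    $stmt->execute([':title' => $title]);
    $stored = $db->query('SELECT title FROM posts')->fetchColumn();

    return [
        'title'     => $title,
        'content'   => $content,
        'concat_ok' => $concat_ok,
        'stored'    => $stored,
    ];
}

print_r(run_demo($post));
```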