Do I need to deal with WordPress SQL Injection

Higher-level API functions like this in WP typically do the $wpdb->prepare() call to protect against MySQL injections.

As for content by default comments do allow HTML, however it isn’t just anything. If you examine default-filters.php there are quite a few sanitizing functions hooked to processing comment data, including wp_kses_post() which limits HTML to white listed subset.

Related Posts:

  1. An action hook where a comment meta is updated
  2. How To Disable Comments On New Page
  3. delete duplicate comments
  4. Get all child comments ids from parent comment id
  5. What is the point of get_comment_count() if you cannot limit by a comment type?
  6. count number of all comments by a user on different (non-repeated) posts
  7. SQL command to delete “pending comments” doesn’t work…?
  8. How do I comment out a block of tags in XML?
  9. R: Comment out block of code
  10. How to enable comments for pending and draft posts?
  11. A plugin where users can comment with Facebook or Twitter or OpenID [closed]
  12. Reverse comment pagination numbers
  13. Comment Count for each Comment Author
  14. Show comments from multiple post IDs in comment template
  15. get recent comments of a particular category
  16. Sticky Comments
  17. Whitelisting Commenters
  18. WP_Comment_Query() displays “password protected” comments?
  19. Comments number message in password protected post
  20. Disable Comments Feed
  21. Use rich text editor in comments?
  22. Add a custom class to awating comments
  23. How to add custom comment fields but *only on the comment reply form*?
  24. Is it possible to move a comment that should be a reply to another comment?
  25. Can I seperate comments from post?
  26. Show only posts which can be commented
  27. What should I hook to add extra fields to comments?
  28. Get a variable field of all comments of current post
  29. Average Score of all ratings in comments
  30. Making a Comment on a page without being on that page?
  31. How do I display the commentor’s first name and last name in the comments?
  32. Warning: call_user_func_array() expects parameter 1 to be a valid callback, func
  33. What is the server IP comment hack
  34. Do I have to have a nonce for a custom comment field?
  35. Get last seen date/time in wordpress get_comments() [closed]
  36. Report spam button
  37. Recent comments from my blogs only
  38. Disable or Enable Comments on Front end [closed]
  39. Change username to nickname in comment section
  40. Hide notifications regarding new comments
  41. Are there any “YouTube-styled” commenting systems for WordPress?
  42. how to change comment author’s link from user’s website to author’s page(author.php)?
  43. Add class to comment form div when comment-reply button is clicked
  44. Is it possible to embed github gists in wordpress comments?
  45. Comments feed – Undefined named entity: ndash
  46. warnCommentChanges always being triggered on update
  47. how get comments only on post of current logged in user?
  48. How to get comment id in callback function?
  49. Posting comment returns 404
  50. How-To and Troubleshooting Canonical Links for Paginated Comments
  51. How to convert WordPress comments to bbPress replies [closed]
  52. Get declared variable in single.php to work in comments.php without re-declaring it [closed]
  53. What is causing wp-comments-post.php to redirect to the browser’s IP address?
  54. Extra Title field for Comments
  55. Comments offset
  56. How to hide trackbacks on wp-admin/edit-comments.php
  57. comments_number not displaying
  58. Using a static callback on wp_insert_comment
  59. Insert Ads “into” comments section in Genesis Themework
  60. WordPress Recent Comments Widget exclude own comments
  61. How to prevent multiple comments
  62. How to get comment images stored as serialized comment meta
  63. Hide comments on specific pages, not just disable future comments
  64. Additional content every x comments
  65. How to display category name from commenter’s custom post
  66. Add comment_meta to wp_comment_reply
  67. How do comments work?
  68. Can’t reply to comments [closed]
  69. What’s the difference with trash_comment and wp_trash_comment?
  70. How can i change the order of comments?
  71. ask and edit an extra comment field
  72. Modify links in user comments
  73. Refresh individual comment text via API
  74. How to filter comments by comment_meta
  75. Prevent users to delete comments from trash
  76. How to get the `comment_post_ID`?
  77. How can I hide comment of the authors from their published posts?
  78. How to customize ‘children comments’ in WordPress?
  79. How to display replies to his comments in user profile of current user
  80. How do I refresh “Post Last Modified Time”, as long as comment is updated to Approve status?
  81. Top rated posts Average rating issue
  82. Need to output comment_form() function inside a foreach loop
  83. stop url changing when user comments
  84. Comment field override
  85. Badges for Guests based on their comment counts [closed]
  86. How to add a class to comment submit button?
  87. WordPress Commenting System User access and Security
  88. WordPress Comments – Only show part of user name
  89. Comments Template shows, but not the comments
  90. Broken comments section – WordPress 2014 Theme
  91. Need an advice about comments
  92. Force logged in users to provide more data when commenting
  93. How do I get the comments section to show up?
  94. By Default, Turn Comments Off for Pages & Leave Comments On for Posts
  95. same comment list for two posts
  96. Replace do_action() with a normal submit form in comments.php
  97. edit-comments.php in Admin – how to change ‘Comments’ title?
  98. Comments on pages not appearing, even though I enabled them
  99. Stop future commenting on specific post
  100. Add ACF Quick Edit Columns on Comments