Who is responsible for data sanitization in WordPress development?

Yes, WordPress will sanitise data on its way to the database, so long as you use the APIs.

If you’re using the wpdb object however you’ll need to use the prepare method to sanitise. I recommend against writing SQL queries as it bypasses object caches etc, but if you must write your own SQL, use wpdb to prepare and execute it

For calls such as WP_Query, get_posts, add_post_meta etc etc sanitisation occurs

Note that this is purely DB sanitisation, any additional sanitisation or validation you require, such as trimming trailing spaces, validation of URLs, stripping tags, escaping, etc, must all be done in your code

Related Posts:

  1. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  2. Is sanitize_text_field() is enough to save to DB?
  3. What is the proper way to validate and sanitize JSON response from REST API?
  4. What’s the proper way to sanitize checkbox value sent to the database
  5. Safely store code(html/js..) into database
  6. MySQL Database User: Which Privileges are needed?
  7. Database synchronization between dev/staging and production
  8. How can I make updates to a site, on a development copy, but then move updates back without overriding live site’s evolving database?
  9. Safest way to bulk delete post revisions
  10. How can I make a WordPress database portable and url independent?
  11. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  12. is_email() VS sanitize_email()
  13. Why does $wpdb return strings for mysql integer values?
  14. Dealing with Many Meta Values, 30+
  15. When is it appropriate to create a new table in the WordPress database?
  16. Is it possible to switch the data layer within WordPress?
  17. What is the most secure way to store post meta data in WP?
  18. store simple data in get_option()
  19. Default WordPress settings API data sanitization
  20. How to delete outdated, wrongly sized images in _wp_attachment_metadata?
  21. Have multiple local wordpress installs share a wp-content folder and database
  22. How to display data from custom table in wordpress database?
  23. How to implement content from external database into WordPress text page? [closed]
  24. Cloning and syncing a WordPress website
  25. What actions affect files, DB, or both?
  26. Using two different DB users on one WP install
  27. Add search Value to wp_list_table pagination
  28. Is $wpdb->prepare escaping to much? How to use it properly?
  29. How does WordPress store data?
  30. How to fix unchanged URLs in Database after running serialized search and replace script?
  31. Merging WordPress posts from different databases
  32. Should non-WordPress data get its own DB?
  33. vs WordPress Security
  34. How do I properly update the WordPress database password?
  35. Search and replace special characters (å,ä,ö) for image attachments only in database
  36. Permit Login if table row exists
  37. data (html) migration to posts
  38. Localhost to Staging to Development Dynamic WP-CONFIG
  39. Setup 3 Sites To Connect To 1 Database and Share Data
  40. Unable to sanitize in customizer and escape in theme without removing ability for user to use “< br >” to insert a line break
  41. WordPress and user security
  42. Uknown meta entries in wp_postmeta
  43. Is it necessary to do validation again when retrieving data from database?
  44. What can I do when an outside party hacks into my weblog and changes my display name?
  45. creating new field on mysql
  46. Why user_pass column in wp_users table is varchar(64)
  47. Using $wpdb | checking entered email against existing emails in db
  48. Can local WordPress installs share /wp-content/ folder and database?
  49. How WordPress sanitizes post content on save? Or it doesn’t?
  50. WordPress security [closed]
  51. SymmetricDS in dev + prod workflow?
  52. Secure way to use name_save_pre?
  53. WordPress Database – wp_usermeta and the correct number of session_tokens rows
  54. Insert NULL value using prepare()
  55. Where is the HTML-handler part in the wpdb class?
  56. A WP dev site that displays content from a live site’s database but cannot write to wp_posts?
  57. WPCLI search and replace in a particlar site dir effect another site-dir
  58. Merging development site with live site
  59. spambot registering without providing email or password, bypassing registration process
  60. One WP Database outside localhost and two connections
  61. Hash user emails in database?
  62. Get id from database
  63. Share WordPress Database
  64. MySQL Database User: Which Privileges are needed?
  65. how to sanitizing $_POST with the correct way?
  66. Disable Database Update Required ? break my website
  67. How to transfer from localHost to live but use the already existing database on the server?
  68. Files on Localhost, Database on Server
  69. Brandoo WordPress Unable to Update to WordPress 4.2.2
  70. Connecting to wordpress database in my application [closed]
  71. WordPress as a frontend website for iOS app [closed]
  72. Website displays old version of page
  73. Woocommerce – Check product stock availability from external database
  74. Backing up WordPress database and files
  75. Create Pages for database content
  76. Get results from wordpress data custom table
  77. Is it risky if I update all url in the database due to my site url changed?
  78. Should I use an additional column in the DB?
  79. No users table in WordPress’s database
  80. Outputting query results
  81. Help With a Large WordPress Based MySQL Database on Shared Hosting
  82. Storing user submitted forms [closed]
  83. User Tracking for Custom Post Type “Lesson”. Database Queries and Performance
  84. How to split the WordPress database?
  85. $wpdb->get_var – What value is returned when zero records are found?
  86. Understanding WordPress Search
  87. Remote database -> massive response time increase?
  88. Custom Post Type not showing anything added by code anymore?
  89. WordPress where clauses in db select
  90. Image link issues after importing a database backup to my local web server
  91. multiple wordpress installs w/shared user database but separate content databases
  92. How to display data from db in select list [closed]
  93. access JSON results from wordpress database with wpdb
  94. How long is “as long as possible” in wp_cache_set()?
  95. wp_option table error while importing
  96. How to add checkbox with multiple values in table?
  97. wp_insert_user not creating account correctly when ID is manually set
  98. Installing local to live WP into subdirectory
  99. A change in URL slug in database returns 404, how can I do auto-redirect?
  100. WordPress SQL – How to Check for Category?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)