Yes, WordPress will sanitise data on its way to the database, so long as you use the APIs.
If you’re using the `wpdb` object however you’ll need to use the `prepare` method to sanitise. I recommend against writing SQL queries as it bypasses object caches etc, but if you must write your own SQL, use `wpdb` to prepare and execute it.
For calls such as `WP_Query`, `get_posts`, `add_post_meta` etc etc sanitisation occurs.
Note that this is purely DB sanitisation, any additional sanitisation or validation you require, such as trimming trailing spaces, validation of URLs, stripping tags, escaping, etc, must all be done in your code.
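
The three layers the answer above distinguishes, as an added example that is not part of the original answer: a custom query built with `$wpdb->prepare()`, an API call preceded by the caller's own sanitisation, and escaping on output. It assumes the code runs inside WordPress; the function names and the `acme_` meta keys are hypothetical.

```php
<?php
// Added example. Assumes WordPress is loaded (e.g. a plugin file).
// Function names and the 'acme_' meta keys are hypothetical.

// Custom SQL: every dynamic value goes through $wpdb->prepare().
function acme_find_posts_by_source( $author_id, $prefix ) {
    global $wpdb;
    // esc_like() only escapes % and _ inside the LIKE pattern;
    // prepare() is still what makes the value safe for the query.
    $like = $wpdb->esc_like( $prefix ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT p.ID, p.post_title
           FROM {$wpdb->posts} p
           JOIN {$wpdb->postmeta} m ON m.post_id = p.ID
          WHERE p.post_author = %d
            AND m.meta_key = %s
            AND m.meta_value LIKE %s",
        $author_id,
        'acme_source',
        $like
    );
    return $wpdb->get_results( $sql );
}

// API call: the meta API handles the DB layer, validation is still ours.
function acme_save_source( $post_id, $raw_label, $raw_url ) {
    // Inputs are assumed to come from $_POST, which WordPress slashes.
    $label = sanitize_text_field( wp_unslash( $raw_label ) );
    $url   = esc_url_raw( wp_unslash( $raw_url ) );
    if ( '' === $label || '' === $url ) {
        return false;
    }
    // update_post_meta() unslashes its value, so slash it again first.
    update_post_meta( $post_id, 'acme_source', wp_slash( $label ) );
    update_post_meta( $post_id, 'acme_source_url', wp_slash( $url ) );
    return true;
}

// Output: escape for the context the value is printed into.
function acme_render_source( $post_id ) {
    $label = get_post_meta( $post_id, 'acme_source', true );
    $url   = get_post_meta( $post_id, 'acme_source_url', true );
    return '<a href="' . esc_url( $url ) . '">' . esc_html( $label ) . '</a>';
}
```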