Subscribe to CodeScissors        RSS Feed

Creating WordPress Plugin - attention to $_POST

Icon Leave Comment
I'm currently working on a WordPress Plugin which also writes to the MySQL Database, using the $wpdb-class, prevented by the WordPress Plugin-API.

I came up with some strange behavior doing that:
I used the $wpdb->prepare()-function for the Database-Querys, but afterwards, every "-Character was stored in the Database as \". I first thought about Magic Quotes, but they were deaktivated.

I originally asked about this here on DIC in this topic, but for everyone reading the Blogs here and for myself, i'll post my solution here.

The Solution
WP automatically escapes everything in the $_POST-Array (no matter if Magic Quotes is activated or not).

WP also prevents a function called stripslashes_deep() (see here) which removes the slashes.

Also i went on the #wordpress IRC Channel and talked to some guys. They told me not to use the function like this:
$_POST = stripslashes_deep($_POST);

Instead of doing this, use the PHP function stripslashes for the elements the plugin needs. So this is what you'll use:
$element = stripslashes($_POST['the_element']);

So, happy WP-Coding!

Greetings: Luke

0 Comments On This Entry


Trackbacks for this entry [ Trackback URL ]

There are no Trackbacks for this entry

Recent Entries

0 user(s) viewing

0 Guests
0 member(s)
0 anonymous member(s)