How to sanitize $_POST for wordpress WP_QUERY?

Question

Anyone know how to sanitize the $_POST for wordpress? Or is it already sanitized when i used the WP_QUERY? thanks!

I was thinking whether i use mysql_escape() or esc_sql() [wordpress function].

function checkIfEmailAndPasswordHaveUser( $email, $password ) {   

$args = array(
    'post_type'  => 'my_custom_post_type',
    'meta_query' => array(
        array(
            'key'     => 'email',
            'value'   => $email
        ),
        array(
            'key'       => 'password',
            'value'     => $password
        ),
    ),
);

$query = new WP_Query( $args );
    if( !$query->have_posts() ) {
        return false;
    } else {
        // return the user's ID
        return $query->posts[0]->ID;
    }
}

$post_user_email        = trim( $_POST['user_email'] );
$post_user_password     = trim( $_POST['user_password'] );

// check if user_id exist
$result = checkIfEmailAndPasswordHaveUser($post_user_email, $post_user_password);

https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data — Phiter, Feb 24 '16 at 13:53
seems like those are the functions to prevent XSS attacks. I was hoping something to prevent SQL injections. What i meant with the question is, do i have to mysql_escape it when i use WP_QUERY or ACF functions. — Raymond Seger, Feb 24 '16 at 13:57

score 7 · Accepted Answer · answered Jul 22 '17 at 04:00

7

turns out WP sanitizes it automatically.

answered Jul 22 '17 at 04:00

Raymond Seger

1,080
5
17
34

How to sanitize $_POST for wordpress WP_QUERY?

1 Answers1