Is my php code safe? Inserting a name into a database table
I want to ask you if my PHP code is safe enough. I don't know if I should escape special characters in string after regex validation:
<?php
require_once '../../../wp-load.php';
$errors = [];
if (preg_match('/[^a-ząćęółśżźń ]/i', $_POST['name']) || strlen(trim($_POST['name'])) == 0 || strlen($_POST['name']) > 60) {
    $errors[] = "Invalid name";
}
if (empty($errors)) {
    echo json_encode(['status' => true]);
    $wpdb->query($wpdb->prepare("INSERT INTO people VALUES(null, %s)", $_POST['name']));
} else {
    echo json_encode(['status' => false, 'errors' => $errors]);
}
And what if I use PDO prepare instead of the WordPress function?
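
For the PDO variant asked about above, here is an added example (not the poster's code) that pairs a UTF-8 aware allow-list check with a bound parameter. It assumes PHP 8 with the pdo_sqlite extension; the in-memory SQLite database, the `name` column, the helper names `validate_name` and `insert_name`, and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Returns the trimmed name if it passes the allow-list, otherwise null.
function validate_name(mixed $raw): ?string
{
    if (!is_string($raw)) {            // name[]=x arrives as an array, not a string
        return null;
    }
    $name = trim($raw);
    // /u matches whole UTF-8 characters instead of single bytes, and {1,60}
    // then counts characters (the strlen() in the question counts bytes).
    // \A and \z anchor the entire string. On invalid UTF-8 preg_match()
    // returns false, so the result is compared with === 1, never used as a bool.
    return preg_match('/\A[a-ząćęółśżźń ]{1,60}\z/iu', $name) === 1 ? $name : null;
}

function insert_name(PDO $pdo, string $name): void
{
    // The value travels as a bound parameter and is never spliced into the SQL text,
    // so no manual escaping is applied before or after validation.
    $stmt = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

// Constructed stand-in for the real database (assumption: table people(id, name)).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample inputs: valid, padded, quote, empty, digit, too long, bad UTF-8, array.
$samples = ['Józef Żółć', '  Anna ', "O'Brien", '', 'x1', str_repeat('a', 61), "\xC4", ['a']];
foreach ($samples as $raw) {
    $name = validate_name($raw);
    if ($name === null) {
        echo json_encode(['status' => false, 'errors' => ['Invalid name']]), "\n";
        continue;
    }
    insert_name($pdo, $name);          // insert first, report success afterwards
    echo json_encode(['status' => true]), "\n";
}

// Skips validate_name() on purpose: a bound value containing a quote is stored as data.
insert_name($pdo, "O'Brien");
print_r($pdo->query('SELECT name FROM people ORDER BY id')->fetchAll(PDO::FETCH_COLUMN));
```

The regex here is a business rule about what counts as a name; protection against SQL injection comes from the bound parameter, which behaves the same whether or not the input was validated first.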