[wp-hackers] idea: no SQL in themes

John Joseph Bachir jjb at ibiblio.org
Tue Nov 15 20:48:37 GMT 2005


What do people think of the idea of not allowing database calls in themes? 
There would be an obvious security benefit, but also it would make it 
easier for less geeky people to develop wordpress themes.

Looking at a few themes it looks like the only calls to $wpdb methods that 
people use are 4 in comments-popup.php, and the query counter in the 
footer. This functionality could all easily be provided through wordpress 

So I guess the questions are:

[1] does anyone know of more extensive/custom/complicated sql that any 
particular themes use (therefore rendering SQL restriction a Bad Idea)?

[2] how difficult would it be to restrict calls to the database within 
themes? a few simple solutions pop to mind, i'm going to have to think a 
little more about what a comprehensive solution would entail.


More information about the wp-hackers mailing list