[wp-hackers] idea: no SQL in themes

Robert Deaton false.hopes at gmail.com
Tue Nov 15 21:07:19 GMT 2005

I honestly think that there is no real way to stop database queries
from within themes, and I don't see the security benefit from it.
Sure, you may say stopping SQL from running would make it more secure,
but don't you think there are other areas we should be focusing
on...shell_exec, popen, etc. SQL should be the least of our worries,
and I don't think this sort of security is really much of a worry at

On 11/15/05, David House <dmhouse at gmail.com> wrote:
> On 15/11/05, John Joseph Bachir <jjb at ibiblio.org> wrote:
> > What do people think of the idea of not allowing database calls in themes?
> > There would be an obvious security benefit, but also it would make it
> > easier for less geeky people to develop wordpress themes.
> I don't see any reason for positively banning SQL calls, but certainly
> providing a comprehensive API for all possible DB calls is a good
> idea.
> --
> -David House, dmhouse at gmail.com, http://xmouse.ithium.net
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

--Robert Deaton

More information about the wp-hackers mailing list