[wp-hackers] Proper action to hook to save custom fields with comments?

Ryan Bilesky rbilesky at gmail.com
Mon Sep 27 19:34:13 UTC 2010


Sorry I did just thow the code together real quick.  Though I think the
function cleans up any input before it's queries, but yes it is better to
make sure you do it so you know it gets done.

On Sun, Sep 26, 2010 at 10:10 PM, Andrew Nacin <wp at andrewnacin.com> wrote:

> On Sun, Sep 26, 2010 at 11:17 PM, Ryan Bilesky <rbilesky at gmail.com> wrote:
>
> > try this
> >
> > add_action ('comment_post', 'add_meta_settings', 1);
> >
> > function add_meta_settings($comment_id) {
> >     add_comment_meta($comment_id, 'my_custom_stuff,
> > $_POST['my_custom_stuff], true);
> > }
> >
>
> Please don't use $_POST directly. This is considered unsafe.
> http://codex.wordpress.org/Data_Validation
>  _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list