[wp-hackers] WP 3.5.2/multisite: How to use NOT IN in $wpdb->prepare()?

Nicholas Ciske nl at thoughtrefinery.com
Tue Jul 16 06:59:21 UTC 2013


If you play it safe, then the other developers can’t grab something unsafe from a form or query string and open up a security hole via your code.

IDs are so easy to sanitize, there's no reason not to.

_________________________
Nick Ciske
http://thoughtrefinery.com/
@nciske

On Jul 16, 2013, at 1:55 AM, Micky Hulse wrote:
> 
> There will
> be no forms or users (ones that I don't trust) that will have access
> to this code, so I can be pretty certain the input will be legit.
> 
> Maybe I'm being overly cautious? I guess a part of me wants to just
> play it safe even though I completely trust where the IDs are coming
> from. :)
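As an added example (not code from the thread), one way to sanitize a list of IDs and bind them into a NOT IN clause with $wpdb->prepare(), so the list is safe even if it did come from a form or query string; the function name, the use of $wpdb->posts and the sample values are assumptions:

```php
<?php
// Added example: build an "ID NOT IN (...)" clause safely with $wpdb->prepare().
// Assumes a WordPress environment with the global $wpdb; the table
// ($wpdb->posts) and columns are illustrative.

function exclude_post_ids_query( array $exclude_ids ) {
    global $wpdb;

    // Cast every value to int and drop zeros: a non-numeric string
    // becomes 0 and is discarded. This is the "easy to sanitize" step.
    $ids = array_filter( array_map( 'intval', $exclude_ids ) );

    if ( empty( $ids ) ) {
        // Nothing to exclude, so no NOT IN clause is needed.
        return "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_status = 'publish'";
    }

    // One %d placeholder per ID, e.g. "%d, %d, %d".
    $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );

    // prepare() binds each integer into its %d slot, so only integers
    // can reach the SQL; prepare() accepts the values as a single array.
    return $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_status = 'publish' AND ID NOT IN ( $placeholders )",
        $ids
    );
}

// Constructed sample input, mixing clean IDs with values an untrusted
// source might send; 'abc' is dropped and the trailing junk is cast away.
$sql = exclude_post_ids_query( array( 12, '34', 'abc', '56; DROP TABLE x' ) );
```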
