[wp-hackers] WP 3.5.2/multisite: How to use NOT IN in $wpdb->prepare()?
nl at thoughtrefinery.com
Tue Jul 16 06:59:21 UTC 2013
If you play it safe, then the other developers can’t grab something unsafe from a form or query string and open up a security hole via your code.
IDs are so easy to sanitize, there's no reason not to.
On Jul 16, 2013, at 1:55 AM, Micky Hulse wrote:
> There will
> be no forms or users (ones that I don't trust) that will have access
> to this code, so I can be pretty certain the input will be legit.
> Maybe I'm being overly cautious? I guess a part of me wants to just
> play it safe even though I completely trust where the IDs are coming
> from. :)
More information about the wp-hackers