Prevent attacks, $_POST data security, wp_strip_all_tags


When writing code that accepts input from users I always sanitize data one variable at a time.


$title = wp_strip_all_tags($_POST['title']);
$content = wp_strip_all_tags($_POST['content']);

I had the idea of simplifying things by sanitizing everything at once, inside a loop:

foreach ($_POST as $key => $value) $_POST[$key] = wp_strip_all_tags($value);

When something more specific is needed, I may later add

if (!is_email($_POST['email'])) die();

Do you think this is a good approach, given that I won’t be accepting HTML tags in this case?

Am I safe from SQL injection attacks or some other sort of maliciousness?



Nicola 5 months 0 Answers 84 views 0
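An added example, not part of the original question, showing what the blanket tag-stripping loop does and does not cover: tags are removed, but SQL quote characters pass through, so query safety has to come from bound parameters. Assumptions: `strip_all_tags_standin()` is a hypothetical stand-in for `wp_strip_all_tags()` so the script runs without WordPress, `$post` is constructed sample input in place of `$_POST`, and an in-memory SQLite database via PDO stands in for the site database.

```php
<?php
// Hypothetical stand-in for wp_strip_all_tags() so this runs without WordPress
// (assumption: drops <script>/<style> bodies, strips remaining tags, trims).
function strip_all_tags_standin(string $s): string {
    $s = preg_replace('@<(script|style)[^>]*?>.*?</\\1>@si', '', $s);
    return trim(strip_tags($s));
}

// Constructed sample input, used here in place of $_POST.
$post = [
    'title' => "<b>Hello</b>' OR '1'='1",
    'tags'  => ['<i>a</i>', 'b'],   // forms can submit arrays (name="tags[]")
];

// The blanket loop from the question, with one guard added: tag stripping
// expects strings, so array values are cleaned recursively instead of passed in.
function clean($v) {
    return is_array($v) ? array_map('clean', $v) : strip_all_tags_standin((string) $v);
}
$clean = clean($post);

// The tags are gone, but the quote characters are untouched.
echo "after stripping: ", $clean['title'], "\n";

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (title TEXT)");
$db->exec("INSERT INTO posts VALUES ('first'), ('second')");

// String concatenation: the "cleaned" value still changes the WHERE clause,
// so the count reflects rows that do not have this title.
$unsafe = $db->query("SELECT COUNT(*) FROM posts WHERE title = '{$clean['title']}'");
echo "concatenated query matched: ", $unsafe->fetchColumn(), " rows\n";

// Bound parameter: the value is treated as data, whatever characters it holds.
$safe = $db->prepare("SELECT COUNT(*) FROM posts WHERE title = ?");
$safe->execute([$clean['title']]);
echo "bound query matched: ", $safe->fetchColumn(), " rows\n";
```

Inside WordPress, the counterpart of the bound query is `$wpdb->prepare()`, and output escaping such as `esc_html()` is applied separately when the value is displayed.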
