Prevent attacks, $_POST data security, wp_strip_all_tags

Question

When writing code that accepts input from users I always sanitize data one variable at a time.

Example:

$title = wp_strip_all_tags($_POST['title']);
$content = wp_strip_all_tags($_POST['content']);

I had the idea of simplifying things by sanitizing everything at once, inside a loop:

foreach ($_POST as $key => $value) $_POST[$key] = wp_strip_all_tags($value);

When something more specific is needed, I may later add

if (!is_email($_POST['email'])) die();

Do you think this is a good approach, given that I won’t be accepting html tags in this case?

Am I safe from sql injection attacks or some other sort of maliciusness?

Thanks

--------------------------------------------------

>>> Share a link to this question, just copy and paste the code bellow on your web page <<<

<a href="https://www.wptricks.com/question/prevent-attacks-_post-data-security-wp_strip_all_tags/">

Prevent attacks, $_POST data security, wp_strip_all_tags</a>
0
, Nicola 5 months 0 Answers 84 views 0

Leave an answer