Prevent attacks, $_POST data security, wp_strip_all_tags

Add question

Username* Please type your username .

E-Mail* Please type your E-Mail .

Question Title* Please choose an appropriate title for the question to answer it even easier .

Category Please choose the appropriate category so others can easily search your question.

Tags Please choose suitable Keywords Ex : question , poll .

Poll This question is a poll ? If you want to be doing a poll click here .

Featured image

Browse

Details*

Ask Anonymously Anonymous asks

Video description Do you need a video to description the problem better ?

Video type Choose from here the video type .

Video ID Put here the video id : https://www.youtube.com/watch?v=sdUUx5FdySs EX : 'sdUUx5FdySs'.

Notified Notified by e-mail at incoming answers.

Terms* By asking your question, you agree to the Terms of Service and Privacy Policy.

Captcha*

Question

When writing code that accepts input from users I always sanitize data one variable at a time.

Example:

$title = wp_strip_all_tags($_POST['title']);
$content = wp_strip_all_tags($_POST['content']);

I had the idea of simplifying things by sanitizing everything at once, inside a loop:

foreach ($_POST as $key => $value) $_POST[$key] = wp_strip_all_tags($value);

When something more specific is needed, I may later add

if (!is_email($_POST['email'])) die();

Do you think this is a good approach, given that I won’t be accepting html tags in this case?

Am I safe from sql injection attacks or some other sort of maliciusness?

Thanks

security, wp-kses Nicola 4 years 2020-03-26T00:53:09-05:00 2020-03-26T00:53:09-05:00 0 Answers 114 views 0

Register Now