I'm trying to understand how to protect my custom form from possible attacks.
I send data via a form, let's say userdata, then I read it:
$userdata = $_POST['userdata'];
I put it into an array to use wpdb->update:
$updatevalues = array( $userdata );
And I have my where array too:
$where_data = array( $mydata ); //mydata is declared elsewhere
I connect to the database:
$mydb = new wpdb('root', 'password', 'database', 'localhost');
And I update the table:
$uptable = $mydb->update('table', $updatevalues, $where_data);
Is this enough, or should I do something to protect it? Is wpdb->update sufficient?
Thanks.
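An added example, not part of the original post: a form handler that covers the checks around the query as well as the query itself. $wpdb->update() expects raw (unescaped) column => value pairs and builds a prepared statement from them, so it handles SQL escaping, but it does not verify the request or validate the input. The table name "mytable", the columns "userdata" and "id", the form fields "record_id" and "myform_nonce", the action "myform_update" and the capability "edit_posts" are all assumptions, and the example uses WordPress's global $wpdb rather than a separate connection.

```php
<?php
// Added example. The form is assumed to post to admin-post.php with
// action=myform_update and to contain wp_nonce_field( 'myform_update', 'myform_nonce' ).
add_action( 'admin_post_myform_update', 'myform_handle_update' );

function myform_handle_update() {
    global $wpdb;

    // 1. CSRF: reject requests that do not carry a valid nonce.
    if ( ! isset( $_POST['myform_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['myform_nonce'] ), 'myform_update' ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // 2. Authorization: the capability is an assumption, pick the one that fits.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }

    // 3. Input: WordPress adds slashes to $_POST, so unslash first, then validate.
    $userdata  = isset( $_POST['userdata'] )
        ? sanitize_text_field( wp_unslash( $_POST['userdata'] ) ) : '';
    $record_id = isset( $_POST['record_id'] ) ? absint( $_POST['record_id'] ) : 0;
    if ( '' === $userdata || 0 === $record_id ) {
        wp_die( 'Missing or invalid data.', '', array( 'response' => 400 ) );
    }

    // 4. Query: associative arrays (column => raw value); the format arrays
    //    pin each value to a string (%s) or an integer (%d).
    $updated = $wpdb->update(
        $wpdb->prefix . 'mytable',         // assumed table name
        array( 'userdata' => $userdata ),  // SET userdata = %s
        array( 'id' => $record_id ),       // WHERE id = %d
        array( '%s' ),
        array( '%d' )
    );
    if ( false === $updated ) {
        wp_die( 'Update failed.', '', array( 'response' => 500 ) );
    }

    // 5. Redirect only to a location on this site.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
```

When the stored value is displayed later, escape it at output time, for example with esc_html().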