php – 如何为wordpress WP_QUERY清理$_POST?

任何人都知道如何消毒WordPress的$_POST?或者当我使用WP_QUERY时它是否已经消毒?谢谢!

我在想是否使用mysql_escape()或esc_sql()[wordpress函数].

function checkIfEmailAndPasswordHaveUser( $email, $password ) {   

$args = array(
    'post_type'  => 'my_custom_post_type',
    'meta_query' => array(
        array(
            'key'     => 'email',
            'value'   => $email
        ),
        array(
            'key'       => 'password',
            'value'     => $password
        ),
    ),
);

$query = new WP_Query( $args );
    if( !$query->have_posts() ) {
        return false;
    } else {
        // return the user's ID
        return $query->posts[0]->ID;
    }
}

$post_user_email        = trim( $_POST['user_email'] );
$post_user_password     = trim( $_POST['user_password'] );

// check if user_id exist
$result = checkIfEmailAndPasswordHaveUser($post_user_email, $post_user_password);

最佳答案 结果WP自动清理它.

点赞