Here is a small PHP programming trick to prevent SQL injection in WordPress.

What is SQL injection?

SQL injection is an attack in which a crafted string is fed into the SQL statement used to retrieve information from a database, so that the statement returns unintended information or writes incorrect data to the database.

"SELECT * FROM users WHERE email = '". $_GET['email']."'"

For example, if the above code were included in WordPress, an attacker could send data from the browser that makes WordPress execute a SQL statement such as

SELECT * FROM $wpdb->users WHERE email = 'aaa@aaa.com' or 1 = 1

In this case, 1 = 1 is always true, so the query no longer filters by email and all users' information could be pulled out.

How to write PHP programming to prevent SQL injection in WordPress

If you insert a process called escaping, which converts the characters that have special meaning in SQL statements into mere string characters, it becomes much harder to alter what the SQL statement itself does.

WordPress has a built-in function for escaping strings used in SQL statements, called esc_sql.

$escaped_email = esc_sql( $_GET['email'] ); // value converted to a non-executable string

Note that esc_sql only escapes the value; it adds no quotes of its own, so the result must still be placed inside quotes in the SQL statement (WHERE email = '$escaped_email').

SQL injection can also be prevented with a process called prepare, which builds the SQL statement from placeholders that are explicitly declared as strings or numbers.

$sql = $wpdb->prepare( "SELECT * FROM $wpdb->users WHERE email = %s OR ID = %d", $_GET['email'], $_GET['id'] );

prepare escapes the first argument, $_GET['email'], and substitutes it for %s as a quoted string, and escapes the second argument, $_GET['id'], and substitutes it for %d as a number.
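The three forms discussed above (plain concatenation, esc_sql and prepare) as one added example; this is not code from the original post. It assumes WordPress's global $wpdb object and the real wp_users column names user_email and ID; the function names are my own.

```php
<?php
// Added example, not code from the original post. It rebuilds the post's
// "find user by email or ID" query in three forms inside a WordPress
// plugin or theme. Assumes the global $wpdb object WordPress provides and
// the real wp_users column names (user_email, ID); function names are my own.

// 1. The vulnerable form from the post: request data is spliced into SQL,
//    so quote characters in the value change the meaning of the WHERE clause.
function get_user_row_unsafe( $email ) {
    global $wpdb;
    return $wpdb->get_row(
        "SELECT ID, user_login, user_email FROM {$wpdb->users} WHERE user_email = '" . $email . "'"
    );
}

// 2. esc_sql(): escapes quote and backslash characters but adds no quotes of
//    its own, so the result still has to sit inside quotes in the statement.
function get_user_row_escaped( $email ) {
    global $wpdb;
    $safe_email = esc_sql( $email );
    return $wpdb->get_row(
        "SELECT ID, user_login, user_email FROM {$wpdb->users} WHERE user_email = '{$safe_email}'"
    );
}

// 3. $wpdb->prepare(): each argument is escaped and substituted for its
//    placeholder (%s as a quoted string, %d as an integer, %f as a float).
//    prepare() only returns the finished SQL string; get_row() executes it.
function get_user_row_prepared( $email, $id ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID, user_login, user_email FROM {$wpdb->users} WHERE user_email = %s OR ID = %d",
        $email,
        $id
    );
    return $wpdb->get_row( $sql );
}

// Reading the request values: wp_unslash() undoes the slashes WordPress adds
// to superglobals, and absint() forces the ID to a non-negative integer
// before it reaches the SQL layer.
$email = isset( $_GET['email'] ) ? wp_unslash( $_GET['email'] ) : '';
$id    = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
$user  = get_user_row_prepared( $email, $id );
```

Of the three, prepare is the form to use by default: it both escapes and quotes, and it handles numeric values, which esc_sql alone does not.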
