I have a form on my WordPress website where users can submit code (HTML, JS, PHP, etc.) that will get saved to the WordPress database, and that code will also be visible on a page.

  1. How do I make sure nothing malicious is done when the code is saved to the database? I would like to save the inputted code as-is without escaping or modifying it, if possible and safe.

  2. And what about when it is displayed on the frontend? Is echoing the saved code in tags enough?

Thanks!

harvey
  • Does this answer your question? [How to prevent SQL Injection in Wordpress?](https://stackoverflow.com/questions/26753146/how-to-prevent-sql-injection-in-wordpress) – Your Common Sense Dec 01 '20 at 06:09
  • As long as you are using the regular WordPress backend, nothing special is required, everything is safe already. If you are writing your own plugin, then you need to take the usual precautions. – Your Common Sense Dec 01 '20 at 06:12
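
One way to apply the "usual precautions" in a custom plugin, given here as an added example that is not part of the original question or comments. It assumes WordPress is loaded; the table `{$wpdb->prefix}code_snippets`, the form field `snippet_code`, the nonce names and the `myplugin_*` functions are all hypothetical.

```php
<?php
// Added example. Assumes a hypothetical table {$wpdb->prefix}code_snippets
// with columns id (INT), user_id (INT) and code (TEXT).

// Save: the submission is stored unmodified. SQL safety comes from binding
// the value through $wpdb, not from escaping or altering the code itself.
function myplugin_save_snippet() {
    global $wpdb;

    // Reject requests that did not come from our own form (CSRF check).
    check_admin_referer( 'myplugin_save_snippet', 'myplugin_nonce' );

    // WordPress adds slashes to $_POST; undo that to recover the raw text.
    $code = isset( $_POST['snippet_code'] ) ? wp_unslash( $_POST['snippet_code'] ) : '';
    if ( ! is_string( $code ) || '' === $code || strlen( $code ) > 65535 ) {
        wp_die( 'Invalid snippet.', '', array( 'response' => 400 ) );
    }

    // insert() runs the values through $wpdb->prepare() using these formats.
    $ok = $wpdb->insert(
        $wpdb->prefix . 'code_snippets',
        array( 'user_id' => get_current_user_id(), 'code' => $code ),
        array( '%d', '%s' )
    );
    if ( false === $ok ) {
        wp_die( 'Could not save snippet.', '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( home_url() );
    exit;
}
// admin_post_{action} only fires for logged-in users.
add_action( 'admin_post_myplugin_save_snippet', 'myplugin_save_snippet' );

// Display: escape at output time so the browser renders the code as text.
// The stored value is never passed to eval() or include, so PHP in it is inert.
function myplugin_render_snippet( $id ) {
    global $wpdb;
    $code = $wpdb->get_var(
        $wpdb->prepare(
            "SELECT code FROM {$wpdb->prefix}code_snippets WHERE id = %d",
            $id
        )
    );
    if ( null === $code ) {
        return '';
    }
    // esc_html() converts <, >, & and quotes to entities; wrapping tags alone do not.
    return '<pre><code>' . esc_html( $code ) . '</code></pre>';
}
```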
