安全吗?由用户将数据插入数据库..?
我试图让访问者可以从前端或(索引页面)而不是管理页面注册..
首先,我制作了模板页面,名称为:注册用户
,但我担心用户是否会做坏事(sql注入..等)..
这是我的代码..
if(!empty($_POST['user_name']) || !empty($_POST['email'])){
$user_login = $_POST['user_name'];
$user_email = $_POST['email'];
$random_password = wp_generate_password(5 , true );
wp_create_user( $user_login, $random_password, $user_email )
} else {
echo 'The user name or E-mail is empty';
}
另外,怎么知道这是电子邮件还是不是?
抱歉,我的语言不好>_<
I'm tring to make the visitor can register from the front end or (the index page )not admin page ..
firstly , I made the template page , it is name : Register User
but I am afraid if the user can do somthing bad (sql injection .. etc) ..
this is my code ..
if(!empty($_POST['user_name']) || !empty($_POST['email'])){
$user_login = $_POST['user_name'];
$user_email = $_POST['email'];
$random_password = wp_generate_password(5 , true );
wp_create_user( $user_login, $random_password, $user_email )
} else {
echo 'The user name or E-mail is empty';
}
also , how can know this is email or not ?
sorry , my language is bad >_<
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以使用wordpress中已经包含的功能:
详细信息在这里:
http://codex.wordpress.org/Function_Reference/is_email
is_email()可能还想使用函数
username_exists()http 验证“用户名” ://codex.wordpress.org/Function_Reference/username_exists
You can use the already included function in wordpress:
Details here:
http://codex.wordpress.org/Function_Reference/is_email
is_email()Might also want to validate the 'username' using the function
username_exists()http://codex.wordpress.org/Function_Reference/username_exists
这取决于
wp_create_user函数 - 它是否为您清理/转义数据?如果没有,您可能需要自己执行此操作(请参阅 mysql_real_escape_string )That depends on the
wp_create_userfunction - is it sanitizing/escaping the data for you? If not, you may need to do it yourself (see mysql_real_escape_string)wp_create_user 函数应该可以安全地发送用户输入。
第二部分由 Jakub 回答
The wp_create_user function should be safe to just send user-input to.
The second part is answered by Jakub