David Writes on Insecure PHP and WordPress Functions for Smashing Magazine

Your first million dollars. The game-winning catch. A guest post in Smashing Magazine. These are life’s moments of pure success, and David had one of them this week. We’ll keep you posted on the other two.

The article is on PHP functions—including a number of WordPress-only functions—that, by their nature, are potential security vulnerabilities. It’s (as usual) excellent and non-obvious technical writing. The biggest surprise for me was the issues with the extract() function, which I often use (following the Codex code demos, I believe) to extract shortcode arguments into variables of the same name. The list of need-to-knows for select WordPress functions—personal favorite is that esc_sql() doesn’t secure you from SQL injection, yikes—is also invaluable.

Check it out! You’ll learn about secure code in both WordPress and PHP more broadly, and you’ll be able to say you knew David before he was a millionaire making the game-winning catch.


Add a Comment

Your email address will not be published. Required fields are marked *