Tag Archives: database

WordPress Database Errors and the Post Hoc Fallacy

Glenn Reynolds at Instapundit mentioned WordPress today in not-so-flattering terms (emphasis added): LIEBERMAN CAMPAIGN CRASHED OWN WEBSITE: “The server that hosted the joe2006.com Web site failed because it was overutilized and misconfigured.” That’s like when people send me a link to their underpowered WordPress blog, then it produces a “Database Error” message when too many […]

Protecting WordPress from SQL Injection Attacks

David Kierznowski at BlogSecurity suggests that WordPress is “insecure by design.” What he means is that in general WordPress does not sanitize MySQL queries. He recommends that WordPress provide “a proper set of SQL safe functions (i.e. $wpdb->escape_int and $wpdb->escape_str)” and “use mysql_real_escape_string(), and have clearly defined coding standards and security policies” like Drupal does. […]