Title: _GET variable security with query_posts? Last modified: August 20, 2016 --- # _GET variable security with query_posts? * [cmunns](https://wordpress.org/support/users/cmunns/) * (@cmunns) * [14 years, 7 months ago](https://wordpress.org/support/topic/_get-variable-security-with-query_posts/) * I am using a form to find all custom field values of a particular key. This form is submitted and I use _GET to pass the value in query_posts. * Are there any security concerns with doing this? In this case it’s a dropdown select value that is getting found, but if I’m using text input should I use strip_tags or something like that to sanitize the input? * Here is an example… * ``` if (!empty($_GET["property_type"])) { $ty = $_GET["property_type"]; } else { $ty = ""; } ``` * ``` query_posts( array( 'posts_per_page' => -1, 'meta_query' => array( array( 'key' => 'property_type', 'value' => $ty, 'compare' => 'LIKE' ), ), )); ``` Viewing 1 replies (of 1 total) * [Jon Dingman](https://wordpress.org/support/users/jdingman/) * (@jdingman) * [13 years, 10 months ago](https://wordpress.org/support/topic/_get-variable-security-with-query_posts/#post-2354514) * Without sanitizing your $_GET, you are leaving yourself open to XSS attacks. * WordPress has some good documentation around [Data Validation](http://codex.wordpress.org/Data_Validation). Viewing 1 replies (of 1 total) The topic ‘_GET variable security with query_posts?’ is closed to new replies. ## Tags * [$_get](https://wordpress.org/support/topic-tag/_get/) * [query_posts](https://wordpress.org/support/topic-tag/query_posts/) * 1 reply * 2 participants * Last reply from: [Jon Dingman](https://wordpress.org/support/users/jdingman/) * Last activity: [13 years, 10 months ago](https://wordpress.org/support/topic/_get-variable-security-with-query_posts/#post-2354514) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics