Title: Adjust filter in code ( problem high security )
Last modified: May 31, 2017

---

# Adjust filter in code ( problem high security )

 *  Resolved [Lenon Leite](https://wordpress.org/support/users/lenon/)
 * (@lenon)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/)
 * ultimate-product-catalogue/Functions/Process_Ajax.php
 * Line 147
 * `->get_results("SELECT SubCategory_ID, SubCategory_Name FROM $subcategories_table_name WHERE Category_ID=" . $_POST['CatID'])`
 * To
 * `->get_results("SELECT SubCategory_ID, SubCategory_Name FROM $subcategories_table_name WHERE Category_ID=" . intval($_POST['CatID']))`

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [etoilewebdesign](https://wordpress.org/support/users/etoilewebdesign/)
 * (@etoilewebdesign)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/#post-9184219)
 * Hi Lenon,
 * Could you please clarify what you’re trying to say here? Are you making a suggestion
   that that top line of code should be switched to the bottom line? The category
   ID is automatically assigned by the plugin and not input by the user and cannot
   be changed by the user.
 *  Thread Starter [Lenon Leite](https://wordpress.org/support/users/lenon/)
 * (@lenon)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/#post-9185454)
 * Sorry for not specifying details, but I will try.
 * To answer your question: yes, you need to add an int filter on the POST value
   `$_POST['CatID']`, because I can insert malicious SQL code via POST. The Category
   ID isn't automatic; it is a POST value, and POST data is sent by the user. I have
   a proof of concept for this problem; if you have an email address I will send it
   with all the details, or if you authorize it I can post it here. I can extract
   data with this flaw.
 * I hope I have helped
 * =)
 *  [etoilewebdesign](https://wordpress.org/support/users/etoilewebdesign/)
 * (@etoilewebdesign)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/#post-9187309)
 * Hi Lenon,
 * If you want, you can email us at contact@etoilewebdesign.com
   with any further details you might have. The category ID is automatically assigned
   when you create a new category and cannot be changed by input anywhere in the
   admin. The product catalog doesn’t make use of a custom post type, so these aren’t
   even posts to start off with.
 *  Thread Starter [Lenon Leite](https://wordpress.org/support/users/lenon/)
 * (@lenon)
 * [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/#post-9187421)
 * I sent you an e-mail
 * =)
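
The difference between the two lines in the original post, as an added example that is not part of the thread or the plugin's code: it runs the same SELECT against a constructed in-memory SQLite table through PDO, first with raw concatenation, then with `intval()`, then with a validated bound parameter. The table contents, function names and sample inputs are assumptions; inside WordPress the bound-parameter form is `$wpdb->prepare()` with a `%d` placeholder.

```php
<?php
// Added example. The table, its rows and the function names are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subcategories (SubCategory_ID INTEGER, SubCategory_Name TEXT, Category_ID INTEGER)');
$pdo->exec("INSERT INTO subcategories VALUES (1, 'Laptops', 1), (2, 'Phones', 1), (3, 'Chairs', 2)");

const BASE_SQL = 'SELECT SubCategory_ID, SubCategory_Name FROM subcategories WHERE Category_ID=';

// Line 147 before the change: the request value becomes part of the SQL text.
function lookup_concat(PDO $pdo, string $cat_id): array {
    return $pdo->query(BASE_SQL . $cat_id)->fetchAll(PDO::FETCH_ASSOC);
}

// The change proposed in the thread: intval() reduces the value to one integer.
function lookup_intval(PDO $pdo, string $cat_id): array {
    return $pdo->query(BASE_SQL . intval($cat_id))->fetchAll(PDO::FETCH_ASSOC);
}

// Stricter variant: reject non-integers, then bind the value as a parameter
// so it never enters the SQL text.
function lookup_bound(PDO $pdo, string $cat_id): array {
    $id = filter_var($cat_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return [];
    }
    $stmt = $pdo->prepare(BASE_SQL . '?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_POST['CatID']: a valid ID, a value that carries
// extra SQL, and a non-numeric string.
foreach (['2', '2 OR 1=1', 'abc'] as $input) {
    try {
        $concat = count(lookup_concat($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    printf("%-10s concat: %-9s intval: %d row(s)  bound: %d row(s)\n",
        var_export($input, true), $concat,
        count(lookup_intval($pdo, $input)), count(lookup_bound($pdo, $input)));
}
```

`intval()` keeps the extra SQL out of the query but silently maps `'2 OR 1=1'` to `2` and `'abc'` to `0`; the validated variant returns nothing for both.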

 * 4 replies
 * 2 participants
 * Last reply from: [Lenon Leite](https://wordpress.org/support/users/lenon/)
 * Last activity: [8 years, 12 months ago](https://wordpress.org/support/topic/adjust-filter-in-code-problem-hight-security/#post-9187421)
 * Status: resolved