Title: SQL concatenation bad practice
Last modified: August 22, 2016

---

# SQL concatenation bad practice

 *  Resolved [danielfriesen](https://wordpress.org/support/users/danielfriesen/)
 * (@danielfriesen)
 * [11 years, 5 months ago](https://wordpress.org/support/topic/sql-concatenation-bad-practice/)
 * User data like $_GET['postid'] shouldn’t be concatenated directly into SQL like
   it is in grid_wp_thegrid.
 * Bad practice like this means that there’s a fair chance that there is a SQL injection
   vulnerability somewhere in this plugin.
 * [https://wordpress.org/plugins/grid/](https://wordpress.org/plugins/grid/)
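
The pattern this post warns about, next to a parameterized version, as an added example that is not part of the original thread and is not the Grid plugin's code. It assumes a WordPress plugin context (the global `$wpdb` object); the table `example_grid` and both function names are hypothetical.

```php
<?php
// Added illustration. Runs inside WordPress (needs the global $wpdb).
// Hypothetical names: table "{$wpdb->prefix}example_grid" and both functions.

// Weak: request data becomes part of the SQL text itself.
function example_get_grid_unsafe() {
    global $wpdb;
    $postid = $_GET['postid']; // client-controlled string, never validated
    // The database parses whatever the client sent as SQL, not as a value.
    return $wpdb->get_row(
        "SELECT grid_id FROM {$wpdb->prefix}example_grid WHERE post_id = " . $postid
    );
}

// Corrected: check the type first, then bind the value as a parameter.
function example_get_grid_safe() {
    global $wpdb;

    // Reject a missing parameter and array input such as ?postid[]=1.
    if ( ! isset( $_GET['postid'] ) || ! is_scalar( $_GET['postid'] ) ) {
        return null;
    }

    // absint() yields a non-negative integer; non-numeric input becomes 0.
    $postid = absint( wp_unslash( $_GET['postid'] ) );
    if ( 0 === $postid ) {
        return null;
    }

    // $wpdb->prepare() formats %d as an integer, so the value cannot change
    // the structure of the query. The table prefix comes from site
    // configuration, not from the request, so interpolating it is fine.
    return $wpdb->get_row(
        $wpdb->prepare(
            "SELECT grid_id FROM {$wpdb->prefix}example_grid WHERE post_id = %d",
            $postid
        )
    );
}
```

When auditing a plugin for this class of bug, any `$wpdb->query()`, `get_row()`, `get_results()` or `get_var()` call whose SQL string is built with `.` or variable interpolation from `$_GET`, `$_POST` or `$_REQUEST` without going through `$wpdb->prepare()` deserves a closer look.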

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [EdwardBock](https://wordpress.org/support/users/edwardbock/)
 * (@edwardbock)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/sql-concatenation-bad-practice/#post-5600282)
 * We will work on this soon
    [https://github.com/palasthotel/grid-wordpress/issues/24](https://github.com/palasthotel/grid-wordpress/issues/24)
 *  Plugin Author [EdwardBock](https://wordpress.org/support/users/edwardbock/)
 * (@edwardbock)
 * [11 years, 3 months ago](https://wordpress.org/support/topic/sql-concatenation-bad-practice/#post-5600298)
 * Is fixed with Version 1.3

The topic ‘SQL concatenation bad practice’ is closed to new replies.
