Title: validate textfield contents
Last modified: January 24, 2018

---

# validate textfield contents

 *  Resolved [mamoon15](https://wordpress.org/support/users/mamoon15/)
 * (@mamoon15)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/)
 * How to validate text field content, to make sure the content holds only characters
   from A-Z and a-z, to avoid SQL injection and other bad strings that might
   crash my site!

Viewing 7 replies - 1 through 7 (of 7 total)

 *  Plugin Author [PressTigers](https://wordpress.org/support/users/presstigers/)
 * (@presstigers)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9900414)
 * Please let us know where you find the validity issue with more details so we 
   can investigate your test case and then fix it at our end.
 * Your contribution towards reporting the bug will be much appreciated and we will
   fix it after reproducing it at our end.
    -  This reply was modified 8 years, 2 months ago by [PressTigers](https://wordpress.org/support/users/presstigers/).
 *  Thread Starter [mamoon15](https://wordpress.org/support/users/mamoon15/)
 * (@mamoon15)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9901971)
 * Dears,
 * I have my own local project which has faced an issue with your plugin, but you can
   take this demo as an example: [http://demo.presstigers.com/job-board-extensions/jobs/hr-assistant/](http://demo.presstigers.com/job-board-extensions/jobs/hr-assistant/)
 * Well, on the above demo you could insert an SQL query like the following:
    ” ‘”
   ^_ 1=1|| TRUE ” SELECT * FROM TABLE_USER “;” which makes your web site
   vulnerable.
 * That type of attack is basic; it’s called SQL injection. Kindly check it.
 * Best regards,
    Mamoon Khaled Abuzaid.
 *  Plugin Author [PressTigers](https://wordpress.org/support/users/presstigers/)
 * (@presstigers)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9902177)
 * Hello [@mamoon15](https://wordpress.org/support/users/mamoon15/),
 * Sorry for the inconvenience.
 * Thanks for pointing out the issue. We will test this vulnerability at our end
   and then update you as well.
 * You can also drop us an email at support@presstigers.com
   for personalized support regarding SJB.
 * Thanks again for your contribution towards bug reporting for Simple Job Board.
 * Best Regards,
 *  Thread Starter [mamoon15](https://wordpress.org/support/users/mamoon15/)
 * (@mamoon15)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9910005)
 * Hello,
 * Thank you for the fast response.
    I will be waiting for the update.
 * Best regards,
    Mamoon Khaled
 *  Plugin Author [PressTigers](https://wordpress.org/support/users/presstigers/)
 * (@presstigers)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9952250)
 * Please contact us at support@presstigers.com;
   we want to communicate further regarding this issue.
 *  Thread Starter [mamoon15](https://wordpress.org/support/users/mamoon15/)
 * (@mamoon15)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9953162)
 * Dears,
 * Kindly find my fix for this issue on Stack Overflow:
    [https://stackoverflow.com/questions/48486307/validate-textfield-contents-in-wordpress-simple-job-board-plugin/48690078#48690078](https://stackoverflow.com/questions/48486307/validate-textfield-contents-in-wordpress-simple-job-board-plugin/48690078#48690078)
 * Best Regards,
    Mamoon Khalid
 *  Plugin Author [PressTigers](https://wordpress.org/support/users/presstigers/)
 * (@presstigers)
 * [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9954703)
 * Hello Mamoon,
 * Thank you for taking your time in investigating SJB vulnerabilities. I think 
   there has been some misunderstanding regarding SQL injection on your part. First
   of all, we would like to say that the fields that you are claiming to be vulnerable
   are not directly used in any query. Please go to the following line to see exactly
   how the application fields are saved.
 * [https://plugins.trac.wordpress.org/browser/simple-job-board/tags/2.4.6/includes/class-simple-job-board-ajax.php?rev=1772090#L193](https://plugins.trac.wordpress.org/browser/simple-job-board/tags/2.4.6/includes/class-simple-job-board-ajax.php?rev=1772090#L193)
 * If you go to this block and see [Line#198](https://plugins.trac.wordpress.org/browser/simple-job-board/tags/2.4.6/includes/class-simple-job-board-ajax.php?rev=1772090#L198)
   which saves these fields, you can see that these fields are saved through [add_post_meta](https://developer.wordpress.org/reference/functions/add_post_meta/)
   after being sanitized by [sanitize_text_field](https://developer.wordpress.org/reference/functions/sanitize_text_field/).
   The result of this process is that these fields are saved as just text strings
   after being properly processed as per WordPress [standards](https://developer.wordpress.org/plugins/security/securing-input/).
 * The solution that you have provided in your StackOverflow answer is not applicable
   to this scenario. You may use it for your case, but it does not apply to the majority
   of SJB users. You are removing everything which is not alphanumeric. We have
   included application form fields to be used for any type of input that users
   want. They may need to enter special characters for that. Your solution renders
   anything that is not alphanumeric unable to be used. This will limit application
   fields’ usage scope instead of making it safe. For example, email addresses have
   ( @ ) in them, which is a special character. Website URLs have ( : ) and ( / )
   in them, which are special characters. After adding your code, users cannot gather
   the email address or URL from their applicants.
 * We are always trying to keep our plugin updated and regularly maintain it after
   WordPress updates. Having more than 10,000 active installs, we consider it our
   responsibility to keep our users safe from our side of the code. And just for
   your information, we would like to add that the WordPress team keeps an eye on the
   plugins for security too and keeps removing plugins having proven vulnerabilities.
 * If after going through these links you still think that there is a vulnerability,
   you are welcome to contact us through our support email (support@presstigers.com).
   One of our technical representatives will entertain your email and will address
   any concern you may have.


The topic ‘validate textfield contents’ is closed to new replies.
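
The trade-off argued in the last reply, as an added example that is not code from the thread, the plugin, or the linked Stack Overflow answer: an alphanumeric-only filter mangles legitimate email and URL input, while a value bound as a query parameter is stored verbatim as text. It assumes the storage layer binds values as parameters and uses Python's `sqlite3` as a stand-in for the WordPress database layer; the `postmeta` table here, the helper names and the sample submissions are constructed for illustration, and `sanitize_text_field` is not modelled.

```python
import re
import sqlite3

# Constructed sample submissions for a job-application form (not from the thread).
SAMPLES = {
    "name": "Niamh O'Brien",
    "email": "niamh.obrien@example.com",
    "website": "https://example.com/cv?id=7",
    "note": "x' OR '1'='1",
}

def alnum_only(value):
    """The filter criticised in the reply: drop everything that is not alphanumeric."""
    return re.sub(r"[^A-Za-z0-9]", "", value)

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    return db

def save_parameterized(db, post_id, key, value):
    """The value travels as a bound parameter, so it is never parsed as SQL."""
    db.execute("INSERT INTO postmeta VALUES (?, ?, ?)", (post_id, key, value))

def save_concatenated(db, post_id, key, value):
    """Anti-pattern shown for contrast: the value becomes part of the SQL text."""
    db.execute(f"INSERT INTO postmeta VALUES ({post_id}, '{key}', '{value}')")

def stored(db, key):
    row = db.execute("SELECT meta_value FROM postmeta WHERE meta_key = ?", (key,)).fetchone()
    return row[0] if row else None

def run_demo():
    db = new_db()
    for key, value in SAMPLES.items():
        save_parameterized(db, 1, key, value)
    # Every submission, quotes included, comes back exactly as entered.
    round_trip = {k: stored(db, k) == v for k, v in SAMPLES.items()}
    # The character filter destroys the email address and the URL.
    mangled = {k: alnum_only(v) for k, v in SAMPLES.items()}
    # Concatenation lets an ordinary apostrophe in a name break the statement.
    try:
        save_concatenated(new_db(), 1, "name", SAMPLES["name"])
        concat_error = None
    except sqlite3.OperationalError as exc:
        concat_error = str(exc)
    return round_trip, mangled, concat_error

if __name__ == "__main__":
    for part in run_demo():
        print(part)
```

The deciding factor is how the value reaches the query, not which characters it contains: the bound-parameter path keeps the apostrophe in the name and the quote-laden note intact, and format checks for email or URL fields can be layered on top without discarding special characters.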


## Tags

 * [SJB](https://wordpress.org/support/topic-tag/sjb/)
 * [validation](https://wordpress.org/support/topic-tag/validation/)

 * 7 replies
 * 2 participants
 * Last reply from: [PressTigers](https://wordpress.org/support/users/presstigers/)
 * Last activity: [8 years, 2 months ago](https://wordpress.org/support/topic/validate-textfield-contents/#post-9954703)
 * Status: resolved