is it safe? insert the data to db by user ..?

I'm tring to make the visitor can register from the front end or (the index page )not admin page ..

firstly , I made the template page , it is name : Register User

but I am afraid if the user can do开发者_高级运维 somthing bad (sql injection .. etc) ..

this is my code ..

if(!empty($_POST['user_name']) || !empty($_POST['email'])){
$user_login  = $_POST['user_name'];
$user_email  = $_POST['email'];
$random_password = wp_generate_password(5 , true );
wp_create_user( $user_login, $random_password, $user_email )

} else {
echo 'The user name or E-mail is empty';

}

also , how can know this is email or not ?

sorry , my language is bad >_<

You can use the already included function in wordpress:

Details here: http://codex.wordpress.org/Function_Reference/is_email

is_email()

<?php if ( is_email( 'email@domain.com' ) ) {
      echo 'email address is valid.';
} ?>

Might also want to validate the 'username' using the function username_exists()

http://codex.wordpress.org/Function_Reference/username_exists

<?php  
       $username = $_POST['username'];
       if ( username_exists( $username ) )
           echo "Username In Use!";
       else
           echo "Username Not In Use!";
?>

That depends on the wp_create_user function - is it sanitizing/escaping the data for you? If not, you may need to do it yourself (see mysql_real_escape_string)

The wp_create_user function should be safe to just send user-input to.

The second part is answered by Jakub