
when to use $wpdb->prepare? (1 post)

  1. Johnny T
    Member
    Posted 4 years ago

    Hi all,
    I've been reading about SQL injection, etc., and I want to beef up the security on my site.

    I've read that queries should have $wpdb->prepare with them...

    So, for example,
    $wpdb->get_var('SELECT blah FROM blah WHERE something = ' . $var);
    becomes...
    $wpdb->get_var($wpdb->prepare('SELECT blah FROM blah WHERE something = %d',$var));

    My 2 questions are...

    1) Is the above correct formatting for using the ->prepare statement?

    2) When is $wpdb->prepare to be used? Is it on EVERY sql statement? Or just certain ones?

    Many thanks for any light you can shed on this.

    Cheers

    John ;-)
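The two forms from the post, side by side, as an added example that is not part of the original post and not WordPress's own code. Because the real `$wpdb` needs a live database, the block uses a small stand-in class, `FakeWpdb`, that reproduces what `prepare()` and `esc_like()` do to each placeholder (`%d`, `%f`, `%s`, `%%`) and returns the finished SQL text instead of executing it. `FakeWpdb`, the helper functions (`count_posts_unsafe`, `count_posts_safe`, `find_by_title`, `search_titles`, `recent_posts`) and the sample inputs are assumptions constructed for this demo; `wp_posts` is just the default table name used for realism.

```php
<?php
// Added example: a minimal stand-in for the WordPress $wpdb object so the
// behaviour of prepare() can be seen without a WordPress install or a
// database. FakeWpdb is an assumption for this demo, not WordPress code
// (the real class lives in wp-includes/class-wpdb.php). It builds the SQL
// text and returns it instead of running it.
class FakeWpdb
{
    // Stand-in for the escaping the real object does through the MySQL
    // driver; assumption: a charset where backslash-escaping is safe.
    private function escape($text)
    {
        return addcslashes((string) $text, "\x00\n\r\\'\"\x1a");
    }

    // Mirrors what the real prepare() does with each placeholder:
    //   %d -> intval()      %f -> floatval()      %% -> literal %
    //   %s -> escaped and wrapped in single quotes (leave %s unquoted in $query)
    public function prepare($query, ...$args)
    {
        if (count($args) === 1 && is_array($args[0])) {
            $args = $args[0];              // one array of values is also accepted
        }
        $i = 0;
        return preg_replace_callback('/%([%dfs])/', function ($m) use (&$i, $args) {
            if ($m[1] === '%') {
                return '%';
            }
            if (!array_key_exists($i, $args)) {
                throw new InvalidArgumentException('prepare(): missing argument for placeholder');
            }
            $value = $args[$i++];
            switch ($m[1]) {
                case 'd':
                    return (string) intval($value);
                case 'f':
                    return (string) floatval($value);
                default:
                    return "'" . $this->escape($value) . "'";
            }
        }, $query);
    }

    // Same as WordPress's esc_like(): escapes LIKE wildcards so "50%" matches
    // the literal text rather than "50 followed by anything".
    public function esc_like($text)
    {
        return addcslashes((string) $text, '_%\\');
    }
}

$wpdb = new FakeWpdb();

// The "before" form from the post: the value is glued into the SQL text, so
// input like "1 OR 1=1" becomes part of the WHERE clause.
function count_posts_unsafe($wpdb, $post_id)
{
    return 'SELECT COUNT(*) FROM wp_posts WHERE ID = ' . $post_id;
}

// The "after" form: %d hands the value to intval(), so only the leading
// integer survives and the injected tail never reaches the SQL.
function count_posts_safe($wpdb, $post_id)
{
    return $wpdb->prepare('SELECT COUNT(*) FROM wp_posts WHERE ID = %d', $post_id);
}

// Strings go through %s, which escapes quotes and adds the surrounding quotes.
function find_by_title($wpdb, $title)
{
    return $wpdb->prepare('SELECT ID FROM wp_posts WHERE post_title = %s', $title);
}

// LIKE searches need two steps: esc_like() for the wildcards, then %s for the
// quoting. The % signs you add yourself go in the argument, not in the query.
function search_titles($wpdb, $term)
{
    $pattern = '%' . $wpdb->esc_like($term) . '%';
    return $wpdb->prepare('SELECT ID FROM wp_posts WHERE post_title LIKE %s', $pattern);
}

// Identifiers cannot be parameters: %s would turn a column name into a quoted
// string literal. Allow-list them and interpolate the checked value instead.
function recent_posts($wpdb, $orderby, $limit)
{
    $allowed = ['post_date', 'post_title', 'ID'];
    if (!in_array($orderby, $allowed, true)) {
        $orderby = 'post_date';
    }
    return $wpdb->prepare("SELECT ID FROM wp_posts ORDER BY {$orderby} DESC LIMIT %d", $limit);
}

// Constructed inputs, including the classic injection payload.
$untrusted_id = '1 OR 1=1';
echo count_posts_unsafe($wpdb, $untrusted_id), "\n";
echo count_posts_safe($wpdb, $untrusted_id), "\n";
echo find_by_title($wpdb, "O'Reilly's WordPress tips"), "\n";
echo search_titles($wpdb, '50% off'), "\n";
echo recent_posts($wpdb, 'post_title; DROP TABLE wp_posts', '10'), "\n";
```

On the "when" question the rule of thumb is: any query that contains a value that is not a hard-coded literal goes through `prepare()`, whatever its source (request parameters, options, post meta, another query's result). A fully static query needs no `prepare()` at all, and recent WordPress versions emit a notice if `prepare()` is called on a query that has no placeholders. `$wpdb->insert()`, `update()` and `delete()` take their own format arrays and escape for you, so they are not wrapped in `prepare()` either. The caveats the example shows are the ones that bite in practice: `%s` is for values only, so table and column names and `ORDER BY` direction have to be allow-listed (WordPress 6.2 added a `%i` placeholder for identifiers), and a `LIKE` pattern must be passed through `esc_like()` before it is handed to `%s`.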

Topic Closed

This topic has been closed to new replies.
