OK I have a plugin where you can add simple table content and work with a few relational databases. It’s an all in one CRUD system for price management.
However, with MySQL escaping is fairly simple, you escape the value and load them in. However, I am new to the wordpress API.
Am I right in thinking, you only need $wpdb->prepare(); when working with custom queries. As in if I am using the get_row api it requires raw data, but it also includes a $format parameter. So I am assuming that the $format parameter works in the same way as prepare does for custom SQL. As prepare loads in the SQL and checks if the values are strings or INTs etc.
Or. do I need to prepare every $wpdb statement?
- The topic ‘Escaping SQL with the wordpress API’ is closed to new replies.