Title: WPDB and PHP Last modified: August 20, 2016 --- # WPDB and PHP * [Shaotzu](https://wordpress.org/support/users/shaotzu/) * (@shaotzu) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/) * I’m trying to utilize some existing queries from an old site to a SQL database via PHP and just trying to figure out how to change the PHP code correctly. * My old method was I had a “Connection” file that contained needed variables and then called the database table via: * _$select=$\_GET[‘id’];_ * mysql_select_db($database_Dbase, $Dbase); $query_Break = “SELECT * FROM TB WHERE TB.id=’$select'”; $Break = mysql_query($query_Break, $Dbase) or die(mysql_error()); $row_Break = mysql_fetch_assoc($Break); $totalRows_Break = mysql_num_rows($Break); * Apparently, I should be using the wpdb, but not quite sure how it will change my calls. Viewing 6 replies - 1 through 6 (of 6 total) * [Tejaswini](https://wordpress.org/support/users/tedeshpa/) * (@tedeshpa) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806343) * You can use the code as follows: * ``` global $wpdb; $select=$_GET['id']; $query_Break = "SELECT * FROM TB WHERE TB.id='$select'"; $Break=$wpdb->get_results($query_Break, ARRAY_A); $totalRows_Break = count($Break); foreach( $Break as $row_Break ) { $idvalue=$row_Break['id']; } ``` * In fact, you can get the $row_Break row (associative array) as * `$row_Break=$Break[0];` * Hope this helps somehow! * Best Regards, Tejaswini * [Marble23](https://wordpress.org/support/users/marble23/) * (@marble23) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806405) * Note: That code is bad. Its a text book case for sql injection. I’d advise against doing it like that and never pass variables directly from the URL into sql queries. You need to explicitly check $_GET[‘id’] before doing this. * ``` $select=$_GET['id']; mysql_select_db($database_Dbase, $Dbase); $query_Break = "SELECT * FROM TB WHERE TB.id='$select'"; ``` * [Wampum](https://wordpress.org/support/users/wampum/) * (@wampum) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806416) * Data validation methods for WordPress are here [http://codex.wordpress.org/Data_Validation](http://codex.wordpress.org/Data_Validation) * [Tejaswini](https://wordpress.org/support/users/tedeshpa/) * (@tedeshpa) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806417) * You can validate the id (as it seems to be an integer) as follows: * `$select = (int) $select;` * and then use $select in your SQL query * Thread Starter [Shaotzu](https://wordpress.org/support/users/shaotzu/) * (@shaotzu) * [13 years, 11 months ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806471) * Thanks for the help guys! It’s working perfectly. And yes – the id validation is an integer and that works well. * [rjmman](https://wordpress.org/support/users/rjmman/) * (@rjmman) * [13 years ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806644) * So this ‘gets’ the variable. How is it passed? I’ve been trying to use this without any success: echo ““.$username.” ”; * But doing this doesn’t get it in the link to page: * $user_input = $_GET[‘user’]; Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘WPDB and PHP’ is closed to new replies. ## Tags * [php](https://wordpress.org/support/topic-tag/php/) * [sql](https://wordpress.org/support/topic-tag/sql/) * [wpdb](https://wordpress.org/support/topic-tag/wpdb/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 6 replies * 5 participants * Last reply from: [rjmman](https://wordpress.org/support/users/rjmman/) * Last activity: [13 years ago](https://wordpress.org/support/topic/wpdb-and-php/#post-2806644) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics