I wrote some database queries a while ago and now I would like to improve them.
But I am doing something wrong and I need help.
    class tags {
        private $wpdb;
        private $table_tags;

        public function __construct() {
            global $wpdb;
            $this->wpdb = $wpdb;
            $this->table_tags = 'tags';
        }

        public function some() {
            // If I remove the value after the comma, it does not work. Is the query correct, and how do I use this query with "WHERE"?
            $how_much = $this->wpdb->get_var($this->wpdb->prepare("SELECT COUNT(*) FROM `" . $this->table_tags . "`", $this->table_tags));
            return $how_much;
        }

        public function some2($from, $in_site) {
            // Here I need to display some rows; it works, but am I doing this correctly?
            $tags = $this->wpdb->get_results($this->wpdb->prepare("SELECT * FROM `" . $this->table_tags . "` ORDER BY id DESC LIMIT %d, %d", $from, $in_site), ARRAY_A);
            return $tags;
        }

        public function some3($name) {
            // Here I want to add a row; this works too.
            $data  = array('name' => $name);
            $data2 = '%s';
            $this->wpdb->query($this->wpdb->prepare(" INSERT INTO `" . $this->table_tags . "` (`name`) VALUES (" . $data2 . ") ", $data));
        }

        public function other($id, $name) {
            // Is this correct? Delete:
            $this->wpdb->delete($this->table_tags, array('id' => $id));
            // and update:
            $this->wpdb->update($this->table_tags, array('name' => $name), array('id' => $id));
        }
    }
And here is my question: in $wpdb->delete and $wpdb->update, are prepare() and query() not used?
- Should I use prepare() for all database operations? – Jaron Commented Apr 21, 2019 at 15:33
1 Answer
You should use prepare() only when you're using a SQL query - this function takes a query and params and returns a safe SQL query filled with the given params.
Its result is a SQL query. So you can (and should) use it whenever you're creating a SQL query and putting some params in it.
With $wpdb->delete or $wpdb->update you don't create any string containing a SQL query - both these functions take only params and create and run the queries for you - so there is no need for preparing.
If you use $wpdb->insert, then you also don't have to prepare - there is nothing to be prepared.
But if you insert with raw SQL, as you do in your code, then yes - you should always prepare such a query.
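As an added illustration (not code from the question or the answer), here is the same class reworked along the lines the answer describes: prepare() only where values are placed into raw SQL (including the WHERE case the question asks about), and insert()/update()/delete() with format arrays elsewhere. It assumes a WordPress context where $wpdb is the global wpdb object and a table named {$wpdb->prefix}tags with columns `id` and `name`.

```php
<?php
// Added example, not the original poster's code. Assumes WordPress ($wpdb)
// and a table {$wpdb->prefix}tags with columns `id` (int) and `name` (string).
class Tags_Repository {
    private $wpdb;
    private $table;

    public function __construct() {
        global $wpdb;
        $this->wpdb = $wpdb;
        // The table name is a constant built from the site prefix, never from
        // user input: prepare() binds values, not identifiers, so the name
        // interpolated into the SQL below must already be trusted.
        $this->table = $wpdb->prefix . 'tags';
    }

    // No user-supplied values in the query, so there is nothing to prepare.
    public function count_all() {
        return (int) $this->wpdb->get_var( "SELECT COUNT(*) FROM `{$this->table}`" );
    }

    // Raw SQL with a value in WHERE: prepare() binds it (%s for strings).
    public function count_named( $name ) {
        $sql = $this->wpdb->prepare( "SELECT COUNT(*) FROM `{$this->table}` WHERE name = %s", $name );
        return (int) $this->wpdb->get_var( $sql );
    }

    // Raw SQL with LIMIT values: %d casts both to integers before binding.
    public function page( $offset, $per_page ) {
        $sql = $this->wpdb->prepare(
            "SELECT id, name FROM `{$this->table}` ORDER BY id DESC LIMIT %d, %d",
            $offset, $per_page
        );
        return $this->wpdb->get_results( $sql, ARRAY_A );
    }

    // No raw SQL here: insert()/update()/delete() take data and format arrays
    // and escape the values themselves, so prepare() is not used.
    public function add( $name ) {
        $this->wpdb->insert( $this->table, array( 'name' => $name ), array( '%s' ) );
        return $this->wpdb->insert_id;
    }

    public function rename( $id, $name ) {
        return $this->wpdb->update( $this->table, array( 'name' => $name ),
            array( 'id' => $id ), array( '%s' ), array( '%d' ) );
    }

    public function remove( $id ) {
        return $this->wpdb->delete( $this->table, array( 'id' => $id ), array( '%d' ) );
    }
}
```

The format arrays ('%d', '%s') tell wpdb how to treat each value, which is what makes the helper methods safe without a prepare() call; the queries written by hand are the only ones that need it.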