Posted By

Tate on 10/28/08


Tagged

sql wordpress injection



WordPress "prepare" function for inserting into database


Published in: PHP
 

URL: http://apeatling.wordpress.com/2008/06/25/prepare-dont-escape/

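    global $wpdb; // needed when this runs inside a function

    $field1 = "Andy Peatling";
    $field2 = "It's like that, and that's the way it is.";

    // prepare() quotes and escapes each %s value and casts each %d value to an integer
    $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->sometable( id, field1, field2 ) VALUES ( %d, %s, %s )", $_POST['id'], $field1, $field2 ) );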
