No! WordPress will not protect against SQL injection in this case. You need to do so yourself, using $wpdb->esc_like and $wpdb->prepare:
if ( isset( $_GET['q'] ) ) {
// WordPress forces magic quotes (god knows why), unslash it
$value = wp_unslash( ( string ) $_GET['q'] );
// Escape like wildcards so that MySQL interprets them as literals
$value = $wpdb->esc_like( $value );
// Create our "true" like query
$value = "%$value%";
// Now inject it safely
$where .= $wpdb->prepare(
" AND ( ( $wpdb->posts.post_title LIKE %s ) OR ( $wpdb->posts.post_content LIKE %s ) )",
$value,
$value
);
}
Related Posts:
- Multipart/formatted MySQL query problem
- How do I see the mysql query generated by get_posts( $args )?
- how to insert missing tags into the posts through mySQL?
- I want to get on those users their meta value are like “AGENT” .. but this query is not working
- SQL query to delete users with multiple meta keys and comments
- Are there any best practices for creating a Like/Favourite feature in WordPress using custom MySQL tables and without any plugins?
- How to make MySQL search queries with quotes
- How to display SQL query that ran in query?
- What SQL Query to do a simple find and replace
- Is there a way to list all used/unused WP templates?
- simple sql query on wp_postmeta very slow
- How to Use Wildcards in $wpdb Queries Using $wpdb->get_results & $wpdb->prepare?
- wpdb get posts by taxonomy SQL
- How many WordPress SQL Queries per page?
- SQL query equivalent to WP User Query
- WordPress creating excessive joins on meta_query with search
- cron job to auto delete posts of a specific post type older than x days
- Get posts by category with pure SQL query
- Delete duplicate rows from wordpress database where a column is duplicate in phpmyadmin
- Custom query to get terms from post ids
- Query WordPress database by registered date and role
- Get the timout value of a saved transient?
- Grouping related postmeta data via SQL query
- Mysql / WordPress killing my server with 80k users [closed]
- Slow meta_query with about 4 milion record on wp_postmeta
- Select User by Joining Multiple Meta Value Results
- mySQL query. ORDER BY meta_key
- Update slug (URL) of pending posts via phpMyAdmin
- My SQL function to change user_name
- You have an error in your SQL syntax – Help with query
- What’s wrong with my $wpdb prepare?
- MySQL variable in query
- how would I create a custom query to get all users, and a related post based on a postmeta field?
- Help with MySQL to $WPDB query
- SQL query to select posts from multiple categories
- Alter query with posts_clauses to retrieve NULL values last
- Order by summing multiple values
- sql select query in wordpress ‘page’ [closed]
- problem with sql query in wordpress plugin
- MySql Query very slow
- Attempt to improve WP search, can someone check my SQL query?
- Searching With Apostrophe
- wpdb query problem to access previous 3 days posts
- WordPress Query wp-terms SLOW
- I can’t figure out what’s wrong with this statement. $wpdb->query update
- Making a query to the DB using same parameters of loop
- wpdb COALESCE won’t work
- Custom Query – Based on user input
- Get posts from category with custom query
- Ideas how to search & replace post_content when string contains a newline?
- SQL query to set posts in bulk based on the post content
- Valid SQL query return empty
- mysql query – how to escape apostrophe?
- Query the WordPress database to get data together with replaced information
- $wpdb->prepare affecting the query?
- WordPress SQL search, how to handle SQL Injection?
- exclude pingbacks from wordpress SQL query
- Optimize slow SQL query for multiple meta values
- prepare function sql safe method
- Updating with $qpdb->query() always returns 0 rows affected
- WordPress SQL query to tag all posts containing a specific word on title
- mySQL queries are executed twice on wordpress website
- How to return count of custom post type posts with a specific custom field value via $wpdb?
- Select column name dynamically mySQL Query
- WordPress Mysql query and Duplicate
- How do I query for posts by custom meta and those that have been stickied?
- Help with Related Posts Function
- Change pure SQL database query to WordPress post query?
- How to delete all images from code in all post_content
- Cannot get sql request from Query object?
- Display data from phpMyAdmin with WordPress
- Delete oldest wordpress post (SQL query)
- Displaying data from custom table
- Get 2 meta values from meta key column
- SQL to Query the db and return all posts and it’s metas
- PHP Fatal error: Uncaught Error: Call to a member function insert() on null
- Nested select statements not working
- OR condition not working
- Trouble migrating custom post types from non-wordpress cms
- Speed up search query that searches in post meta?
- Fastest and most efficient SQL query to check if UID exists
- Performance of wp_get_attachment_image_srcset() and wp_get_attachment_image_url()
- How i make a custom sql query for Woocommerce
- $wpdb query for price in custom field value
- Run an update query in a function
- How to display a specific category using a custom Query in WordPress?
- Custom MySQL Query for Post and Post Meta
- Slow query when joining wp_posts with a lookup-table?
- Wpdb generates too many queries
- Mysql query and odd results
- learn to run wpdb class
- sql for querying post and their category
- Access Tables with number prefix
- SQL Query : how copy all tags of post into their post content in wordpress by sql query
- Where can I find the SQL to get the most used information by wordpress database?
- Custom Query for wp_posts using wp_postmeta
- 3 queries to update WordPress
- SQL Query to get post_id from wp_posts and and meta_key(s) from wp_postmeta
- Set posts per page for parent category and it’s all children
- How to query different categories on index?