I can’t find a function shipped with WordPress that does this, so I created my own:
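```php
// Escape a table or column name for use inside backticks in MySQL:
// a literal backtick within a quoted identifier is written as two backticks.
function esc_sql_name( $name ) {
    return str_replace( "`", "``", $name );
}
```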
You can use it like this:
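```php
// The identifier is escaped and interpolated between backticks;
// the value still goes through a %s placeholder.
$escaped_name = esc_sql_name( $column_name );
$sql = $wpdb->prepare(
    "SELECT * FROM example WHERE `$escaped_name` = %s",
    $foobar
);
```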
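An added example, not part of the original answer or of WordPress: the same backtick doubling, combined with an allowlist for request-supplied column names and with `%` doubled so that `$wpdb->prepare()` does not read it as the start of a placeholder. The function names and sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added example; these function names are hypothetical, not WordPress APIs.

// Quote a MySQL identifier for use between backticks.
function quote_mysql_identifier( string $name ): string {
    // MySQL permits BMP characters except U+0000, up to 64 characters.
    // The /u flag also makes preg_match() fail on invalid UTF-8 input.
    if ( preg_match( '/^[\x{0001}-\x{FFFF}]{1,64}$/u', $name ) !== 1 ) {
        throw new InvalidArgumentException( 'Invalid identifier' );
    }
    // A literal backtick inside a quoted identifier is written as two.
    return '`' . str_replace( '`', '``', $name ) . '`';
}

// Accept only column names the application knows, then quote the result.
function pick_column( string $requested, array $allowed ): string {
    if ( ! in_array( $requested, $allowed, true ) ) {
        throw new InvalidArgumentException( 'Unknown column' );
    }
    return quote_mysql_identifier( $requested );
}

// Build a template for $wpdb->prepare(): a literal % in an identifier is
// doubled so prepare() does not treat it as the start of a placeholder.
function where_template( string $table, string $column ): string {
    $t = str_replace( '%', '%%', quote_mysql_identifier( $table ) );
    $c = str_replace( '%', '%%', quote_mysql_identifier( $column ) );
    return "SELECT * FROM $t WHERE $c = %s";
}

// Constructed inputs.
$allowed = array( 'post_date', 'post_title' );
echo pick_column( 'post_title', $allowed ), "\n";
echo where_template( 'example', 'weird`name' ), "\n";
echo where_template( 'example', 'rate_%s' ), "\n";
try {
    pick_column( 'not_listed', $allowed );
} catch ( InvalidArgumentException $e ) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

WordPress 6.2 and later also accept an `%i` placeholder in `$wpdb->prepare()` for identifiers.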