Woah there. You’ve just opened up a can of SQL injection.
I use the default get_query_var('s') that I believe is automatically escaped by WordPress.
Not quite – get_search_query() will do that, but get_query_var( 's' ) gets the "raw" value. Regardless, always use wpdb::prepare or similar escaping before executing SQL:

```php
global $wpdb;
$table        = $wpdb->prefix . 'search_log'; // assumed custom table; never built from user input
$search_query = get_query_var( 's' );         // raw, unescaped search term from the request
// prepare() binds the term as an escaped, quoted string literal; only the table name is interpolated.
$query = $wpdb->prepare( "SELECT * FROM {$table} WHERE query = %s", $search_query );
$item  = $wpdb->get_row( $query );
if ( $item === null ) {
	// insert() builds the INSERT statement and escapes the values itself.
	$wpdb->insert( $table, [ 'query' => $search_query ] );
}
```

Check out the awesome helper method wpdb::insert too.
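As an added example that is not part of the original answer, here is the interpolated form the first comment warned about next to the prepared form, extended to the LIKE case that search terms usually land in. The search_log table and the function names are assumed for illustration; the code needs WordPress ($wpdb) to run.

```php
<?php
// Unsafe: the raw search term is spliced straight into the SQL string, so a
// quote in the user input changes the structure of the statement.
function log_search_unsafe( string $term ): void {
	global $wpdb;
	$table = $wpdb->prefix . 'search_log'; // assumed custom table
	$wpdb->query( "INSERT INTO {$table} (query) VALUES ('{$term}')" );
}

// Safe: prepare() binds the value as an escaped, quoted literal. Only the
// table name, which is never user-controlled, is interpolated into the SQL.
function log_search_safe( string $term ): void {
	global $wpdb;
	$table = $wpdb->prefix . 'search_log'; // assumed custom table
	$row   = $wpdb->get_row(
		$wpdb->prepare( "SELECT id FROM {$table} WHERE query = %s", $term )
	);
	if ( null === $row ) {
		// insert() escapes the values; the format array pins them to strings.
		$wpdb->insert( $table, [ 'query' => $term ], [ '%s' ] );
	}
}

// LIKE needs one more step: prepare() escapes quotes but not the LIKE
// wildcards % and _, so pass the term through esc_like() first. The
// surrounding % are added after escaping and travel inside the bound value.
function find_logged_searches( string $term ): array {
	global $wpdb;
	$table = $wpdb->prefix . 'search_log'; // assumed custom table
	$like  = '%' . $wpdb->esc_like( $term ) . '%';
	return $wpdb->get_results(
		$wpdb->prepare( "SELECT query FROM {$table} WHERE query LIKE %s", $like )
	);
}

// Typical caller: the raw term from the request, exactly as the answer notes.
log_search_safe( (string) get_query_var( 's' ) );
```

Without esc_like(), a term such as a lone % would match every row, which is a data-exposure and performance problem even though prepare() has already made it syntactically safe.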