Woah there. You’ve just opened up a can of SQL injection.
I use the default get_query_var( 's' ) that I believe is automatically escaped by WordPress.
Not quite – get_search_query() will do that, but get_query_var( 's' ) gets the "raw" value. Regardless, always use wpdb::prepare or similar escaping before executing SQL:
// Bind the user-supplied term with %s so wpdb::prepare() escapes it; $table is the table name, not request input.
$query = $wpdb->prepare( "SELECT * FROM $table WHERE query = %s", $search_query );
$item  = $wpdb->get_row( $query );
// get_row() returns null when no row matched, so record the term only on first sight.
if ( $item === null ) {
    // wpdb::insert() escapes the column values itself; no manual quoting needed.
    $wpdb->insert( $table, [ 'query' => $search_query ] );
}
Check out the awesome helper method wpdb::insert too.
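As an added example (not code from either commenter), the unprepared pattern the first comment is warning about sits beside the prepared version of the same logging logic, plus the extra step a LIKE search needs. It assumes it runs inside WordPress with the global $wpdb and a hypothetical custom table {$wpdb->prefix}search_log that has a query column.

```php
<?php
// Added example, not from the original thread. Assumes WordPress is loaded
// and a hypothetical table {$wpdb->prefix}search_log with a `query` column.

// UNSAFE: get_query_var( 's' ) returns the raw request value; interpolating
// it into the SQL string lets the search term alter the statement.
function log_search_term_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'search_log';
    $s     = get_query_var( 's' );
    $item  = $wpdb->get_row( "SELECT * FROM $table WHERE query = '$s'" ); // do not do this
    if ( null === $item ) {
        $wpdb->query( "INSERT INTO $table (query) VALUES ('$s')" );     // nor this
    }
}

// SAFE: same logic, with wpdb::prepare() binding the term as %s and
// wpdb::insert() escaping the column value. $table is still interpolated,
// but it is built from $wpdb->prefix, never from request input.
function log_search_term_safe() {
    global $wpdb;
    $table = $wpdb->prefix . 'search_log';
    $s     = get_query_var( 's' );
    if ( '' === trim( (string) $s ) ) {
        return false; // nothing worth recording for an empty search
    }
    $item = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE query = %s", $s )
    );
    if ( null === $item ) {
        // third argument: explicit %s format for the one column being written
        return (bool) $wpdb->insert( $table, array( 'query' => $s ), array( '%s' ) );
    }
    return true;
}

// Prefix matching needs one more step: prepare() does not neutralise the
// LIKE wildcards % and _, so wpdb::esc_like() is applied to the user's term
// first, then the wildcard is appended and the whole string is bound as %s.
function find_similar_search_terms( $term ) {
    global $wpdb;
    $table = $wpdb->prefix . 'search_log';
    $like  = $wpdb->esc_like( $term ) . '%';
    return $wpdb->get_col(
        $wpdb->prepare( "SELECT query FROM {$table} WHERE query LIKE %s", $like )
    );
}
```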