You don’t need to use $wpdb->prepare() for ORDER BY clauses. $wpdb->prepare() will always quote your variables.
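Supposing you receive the ordering in the request, you can prevent SQL injection by not using the user-entered value at all:

    $sql = "SELECT....";
    // The request value only selects one of two hard-coded clauses;
    // it is never concatenated into the query.
    if ( isset( $_GET['order'] ) && 'asc' === $_GET['order'] ) {
        $sql .= ' ORDER BY p.post_date ASC';
    } else {
        $sql .= ' ORDER BY p.post_date DESC';
    }
    // Other values are still bound through the placeholders in $sql.
    $query = $wpdb->prepare( $sql, $value_parameter );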
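The same allow-list idea extended to cover the sort column as well as the direction, as an added example that is not part of the original answer. The function name `example_order_by_clause`, the column map and the `post_type` filter in the closing comment are assumptions made for illustration.

```php
<?php
// Added example (not from the original answer). Function name, column map
// and sample requests are constructed for illustration.

/**
 * Build an ORDER BY clause from request input using allow-lists only.
 * Request values select a hard-coded fragment; they never reach the SQL.
 */
function example_order_by_clause( array $request ): string {
    // Request key => real column expression (constructed sample map).
    $columns = array(
        'date'   => 'p.post_date',
        'title'  => 'p.post_title',
        'author' => 'p.post_author',
    );

    // Arrays such as ?order[]=x are rejected by the is_string() checks.
    $orderby = isset( $request['orderby'] ) && is_string( $request['orderby'] )
        ? $request['orderby'] : '';
    $order   = isset( $request['order'] ) && is_string( $request['order'] )
        ? strtolower( $request['order'] ) : '';

    // Unknown or missing keys fall back to safe defaults.
    $column    = $columns[ $orderby ] ?? $columns['date'];
    $direction = ( 'asc' === $order ) ? 'ASC' : 'DESC';

    return " ORDER BY {$column} {$direction}";
}

// Constructed inputs: a normal request and one with unexpected values.
$samples = array(
    array( 'orderby' => 'title', 'order' => 'ASC' ),
    array( 'orderby' => 'post_date, (SELECT 1)', 'order' => 'asc, p.ID' ),
);
foreach ( $samples as $request ) {
    echo example_order_by_clause( $request ), PHP_EOL;
}

// Inside WordPress, values still go through placeholders:
// $sql   = "SELECT p.ID FROM {$wpdb->posts} p WHERE p.post_type = %s"
//        . example_order_by_clause( $_GET );
// $query = $wpdb->prepare( $sql, 'post' );
```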