You don’t need to remove the prepare()
, but you just need to do it properly.
And please check the $wpdb->prepare()
reference for the function’s syntax etc., but basically, instead of (wrapped for brevity):
$insert_query = "INSERT INTO `".$computer_repair_items."`
VALUES(NULL, '".$wc_service_name."', 'services', '".$post_id."')";
$wpdb->query(
$wpdb->prepare($insert_query)
);
you should do it like this: (presuming $computer_repair_items
is a valid table name)
$insert_query = $wpdb->prepare(
"INSERT INTO `$computer_repair_items` VALUES(NULL, %s, 'services', %d)",
$wc_service_name, // 2nd parameter; replaces the %s (first placeholder)
$post_id // 3rd parameter; replaces the %d (second placeholder)
);
$wpdb->query( $insert_query );
I.e. You must pass at least two parameters to $wpdb->prepare()
:
-
The first parameter is the SQL command and should be in the same format as accepted by the PHP’s
sprintf()
function, i.e. using placeholders such as%s
for strings and%d
for integers. -
The second parameter should be the replacement value for the first placeholder in the SQL command mentioned above, i.e. the first parameter. So in the example I gave, the second parameter is
$wc_service_name
which the value replaces the%s
in the SQL command. But note that you should not wrap the placeholder in quotes, so'%s'
and"%s"
for examples, are incorrect and just use%s
. -
Depending on your SQL command, you can also have the third, fourth, fifth, etc. parameters, just as in the example I gave where I have a third parameter which is
$post_id
for the%d
placeholder.
And actually, for single INSERT
operations, you could simply use $wpdb->insert()
:
// Make sure you replace the column NAMES.
$wpdb->insert( $computer_repair_items, [
'column' => $wc_service_name,
'column2' => 'services',
'column3' => $post_id,
] );
For multiple inserts, you can try something like:
$insert_values = [];
foreach ( [
[ 'wc_service_code', $wc_service_code ],
[ 'wc_service_id', $wc_service_id ],
[ 'wc_service_qty', $wc_service_qty ],
[ 'wc_service_price', $wc_service_price ],
] as $row ) {
$insert_values[] = $wpdb->prepare( "(NULL, %d, %s, %s)",
$order_item_id, $row[0], $row[1] );
}
$insert_query = "INSERT INTO `$computer_repair_items_meta`
VALUES " . implode( ',', $insert_values );
$wpdb->query( $insert_query );
Or just call $wpdb->insert()
multiple times..