What SQL / WordPress queries would need a nonce?

You might be a little confused as to the purpose and function of nonces in WordPress.

Recommended reading:

A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise.

Nonces help you ensure, somewhat, the validity of the request being made to a given URL and or the use of a particular form to submit data, whether that be on the backend or frontend.

It doesn’t have any bearing on the use of wpdb class.

As evidenced in your previous question your query was not working due to improper SQL synatx.

A good rule to follow is that URLs or forms, especially those that perform any actions on your database should always be accompanied by a nonce that you can verify the request validity against.

Then when inserting data into the database, if you must write raw SQL queries, then you should only use the wpdb class, in particular $wpdb->query() method along with the $wpdb->prepare() method to project against SQL injection: Protect_Queries_Against_SQL_Injection_Attacks

Under the hood, when using functions like wp_insert_post or wp_update_post, WordPress calles either $wpdb->insert() or $wpdb->update() which in turn calls $wpdb->query( $wpdb->prepate() ), so it takes care of sanitization for you.

This is why it is recommended to use the core functions of WordPress when inserting or updating posts, postmeta, users, usermeta and so forth.

In summary, be sure to read the references outlined above as they will greatly help you in furthering your understanding of what nonces are, when you should use them and how.

Related Posts:

  1. Transaction when using WP functions rather than vanilla SQL?
  2. How to get the list of WooCommerce product image of a certain category from database?
  3. How to make WordPress plugin check for database changes and then do something?
  4. How to Join two tables from separate databases within WordPress
  5. Would manually deleting the dumping data fix a “#1062 – Duplicate entry ‘1’ for key ‘PRIMARY'” phpMyAdmin error?
  6. register_activation_hook isn’t adding table to DB
  7. Importing Geo data into wordpress database
  8. WP_Query adds “(wp_posts.ID = ‘0’)” so no results are returned
  9. $wpdb->insert() does not Insert record in a table
  10. Use $wpdb or other PHP script method to find/replace in WP database
  11. How can I add a new row in a separate database when someone registers via WordPress?
  12. Pull MySQL data from multiple tables and merge into 1 PHP array
  13. Use variable in SQL statement
  14. mySQL queries are executed twice on wordpress website
  15. making php value numeric
  16. Database SQL query error
  17. How to run complex query using PHP
  18. Inserting other fields to existing registration form in a WordPress theme
  19. SQL Query Search page
  20. can’t delete a row from post_meta table
  21. Conditional statement within WP SQL query
  22. Fatal error: Call to undefined function mysql_connect()
  23. Commands out of sync; you can’t run this command now
  24. Fatal error: Call to a member function query() on null
  25. Query both first_name and last_name from wp_usermeta at the same time
  26. WordPress “Link has expired” error on updating posts
  27. Alter query on edit.php
  28. How to add query vars with paginated URLs?
  29. WordPress will not operate correctly
  30. tag search using WP_Query
  31. simple wordpress ajax plugin not working when not logged in
  32. Install will not load: PHP does not have MYSQL installed
  33. Insert post without actions/hooks
  34. Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  35. Import 10,000 Users into WordPress WITH a specific ID for each user
  36. if statement on database query
  37. Is the regular ajax request method safe or I should use admin-ajax.php?
  38. Unusable menus and “Illegal widget setting ID: nav_menu_item[]” error
  39. How to get the post_id from postmeta
  40. Enhanced WordPress Search
  41. Styling images coming from another blog
  42. How to create and work with custom data / tables (i.e., for arbitrary data)?
  43. How to convert objects into arrays
  44. Ajax $wpdb not returning table data
  45. Is there a way to get 3+ dimensional array from a single MySql command
  46. Get stock by custom meta field on all Woocommerce variable products
  47. Display fields as values in array from external SQL DB
  48. Can’t get wp_insert_post to work
  49. mysql query from wordpress page using custom table
  50. PHP Fatal error: Uncaught mysqli_sql_exception: Table doesn’t exist in wordpress/wp-includes/wp-db.php
  51. SQL Injection blocked by firewall
  52. How to check if a meta value has already been assigned to any user?
  53. Are nonces in WP REST API optional by default?
  54. Long running queries
  55. Not connecting to database in file with multiple MySQL connections
  56. Way to bulk make all my tags lowercase?
  57. $Wpdb post meta query is not working with mutliple meta keys and values? [closed]
  58. Custom array from a query only write the last row of the query
  59. php include not working in custom page
  60. email alert for product availability
  61. Issue with fetching mysql data and displaying results via shortcode in webpage
  62. Custom route and query
  63. How to use the wpsnonce clone post link?
  64. How do I prepare strings for insertions as values into a MySQL table?
  65. add category to posts with tag wordpress
  66. How can I Use 2 databases with one WordPress install
  67. Edit Account – read and write to MySQL
  68. Why won’t this wpdb get_results query return results?
  69. Why when I create a new post I found 2 record related to this post into the posts database table?
  70. Most viewed posts in WordPress
  71. Using Ajax to submit a form, and run a SQL Select query based on user input from the form
  72. What’s wrong in my PHP code? I’m using WordPress Astra Theme and I can’t insert data into my SQL
  73. WordPress low speed after migrating to new host
  74. Get mysql data for Quick Edit panel
  75. AWS Lightsail WordPress – connect to database on instance using mysqli
  76. call to undefined function mysql_connect
  77. Log out without confirmation request (nonce)
  78. Using wpdb to connect to a different database is not working
  79. How to edit content in WordPress and the Polylang – plugin? – with demosite
  80. Change upload URL by mime type
  81. Unexpected behavior when trying to manually install WordPress on macOS Sierra
  82. WordPress post insertion from PHP file
  83. Insert data from form to database
  84. Prepared DB Query from _POST array
  85. Where to check in PHPmyAdmin / SQL database for subdomain
  86. Plugin Modification Change Functionality For Logged User Only
  87. Include a custom field in mysql query
  88. Can not manually create a database ( db, user, pass ) for a plugin
  89. WordPress upload images not displaying
  90. How to merge 2 WordPress sites?
  91. two wordpress sites, two themes, one database, same content
  92. how to check for wordpress Query errors
  93. Splitting One Big WordPress Site into Multiple Small Sites
  94. MySQL database migration to WordPress
  95. Custom query_posts() parameter
  96. How to edit the default database of WordPress [closed]
  97. Query Concatenation
  98. Display total count of products in orders of a specific order status
  99. SQL query to retrieve the number of WordPress posts with all given categories
  100. running an existing WordPress site from Visual Studio Code?