wpdb get_results() and prepare when to use prepare?

so if i have a function that gets terms from the database ( not the user ) do I need to use prepare first ( before get_results() ), or some sort of data sanitizing?

Yes, but you should be using get_terms/WP_Term_Query/wp_get_object_terms/etc and the other term APIs instead as they’re safer and can be much faster. SQL bypasses object caches and performance plugins, as well as local caches, bulk fetches and security protections.

If you’re going to perform an SQL query though, don’t try to escape it, use prepare to insert variables into the query ( never do it directly! ):

$safe_sql = $wpdb->prepare(
    "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s",
    [ 'foo', 1337, '%bar' ]
);

Remember, if you need to use an SQL query on the core WordPress tables, there’s a high chance you’ve done something wrong or don’t know about a function that does it for you.

Related Posts:

  1. How to save html and text in the database?
  2. sanitize_text_field and apostrophe problem
  3. $wpdb->get_row() only returns a single row?
  4. what is the way to see the currently executing query in wordpress?
  5. WordPress 4.8.1 uses mysql_connect which doesn’t work with PHP 7
  6. Does $wpdb->prepare not create a prepared statement that I can execute multiple times?
  7. $wpdb->last_error doesn’t show the query on error
  8. Get data from database table by post_id to get data from second database table
  9. Delete/replace img tags in post content for auto published posts [closed]
  10. $wpdb sql help. Select post id and post meta value based on 2 other post_meta values
  11. $wpdb prepared with search term
  12. What does wp_update_post() do that the $wpdb class does not?
  13. wpdb-> not adding prefix to custom table
  14. $wpdb prepare issue with mysql DATE_FORMAT
  15. How-To: wpdb Insert Record With Date
  16. Get random row from custom table
  17. I want to update my postcontent with $wpdb
  18. XOR functionality for meta_query
  19. $wpdb->replace / Replace or update primary key
  20. Create an array with a string key from wpdb->get_results
  21. Replicating the WP_Query ‘s’ param with $wpdb
  22. get the number of queries made on a page(inside my plugin)
  23. Doing a loop with multiple DBs simultaneoulsy
  24. How can I migrate mysql_fetch_array to $wbpdb?
  25. What is _transient_random_seed for?
  26. WordPress SQL query – returning ‘true’ ‘false’ or ‘null’
  27. Modify the structure of data returned by $wpdb
  28. Syntax for $wpdb->prepare when searching in two columns
  29. Foreach loop using $wpdb not results from rows
  30. Return XML of Post Metadata
  31. How to get a value-only flat array from $wpdb->get_results when selecting a single column, without foreach()?
  32. How to update a row in a table in WordPress
  33. What’s the proper way to add users to my site in order to test things?
  34. Optimizing WordPress Queries – Removing Group By ID
  35. Problem in inserting row to custom database table
  36. $wpdb->prepare with ON DUPLICATE KEY UPDATE
  37. Code only works every other time its run
  38. wpdb updating record in wordpress with json adds extra array elements
  39. How to display a specific category using a custom Query?
  40. Can’t pass variable in wordpress wpdb->get_results
  41. AWS Bitnami WordPress – SELECT command denied to user
  42. WPDB Placeholders and second argument for prepared statements
  43. PHP Fatal Error – $wpdb a non-object?
  44. How do I count columns on a custom WPDB query?
  45. Custom SQL query ORDER BY term_order
  46. Trouble inserting string containing quotations marks with wpdb in save_post hook
  47. $wpdb->prepare was called incorrectly when inserting multiple records
  48. How to protect a script execution on WordPress?
  49. Trying to get variable from WP table and toggle its value
  50. Set MySQL variables in WPDB
  51. get_results query with accent
  52. Is querying wpdb directly and skipping actions provided by WP’s core “wp_update_post” a good idea?
  53. how to connect to another database in wordpress
  54. $wpdb->insert() doesnt work anymore
  55. $wpdb query outputs php code instead of executing it
  56. wpdb query not working
  57. Where can I see MySQL hostname and port for wp-config.php
  58. WordPress wpdb->insert returns int(0) => doesn’t insert anything, no errors!
  59. Using “->” in a page to exceute $wpdb query gives error
  60. Exclude specific terms from all queries using posts_where or something similar
  61. Perform a function when a user clicks register button
  62. $wpdb->get_results not returning an array
  63. WPDB Query Question with Category Only
  64. wpdb result arrray inside an array
  65. $wpdb->num_rows doesn’t work
  66. $wpdb->get_var next var?
  67. How can I change my meta_query to SQL wpdb query?
  68. How do I modify this wpdb query to include posts that have a post_status of publish and draft?
  69. Can’t find out why dbDelta dosen’t create my table
  70. How capturate wpdb exceptions?
  71. Limit left join
  72. Check if Value Exists in Database, adding row details to variables and echoing result
  73. wpdb discards duplicate column names?
  74. Get records from Formidable Table using $wpdb->get_col
  75. WPDB SQL query SELECT from category
  76. I am using wpdb but it not working perfectly.but if I dont use form data its work
  77. How to Update multiple rows using $wpdb->update
  78. Unable to use $wpdb in WordPress
  79. How to display specific data from custom database table in WordPress
  80. Missing argument 2 for wpdb::prepare() [duplicate]
  81. Why is an empty result an error? ( $wpdb->get_row )
  82. get_row returns empty when data exists
  83. wpdb->update update the entire table instead of one row
  84. How to set up prepared query using IN statement
  85. Save customizer default values to DB on theme activation
  86. Plugin with connection to database – Single function
  87. Alter the main search query to search posts by coauthor user name
  88. WPDB Prepared Delete
  89. wpdb->update error
  90. get unserialized array without using get_option()
  91. wpdb Cannot Access Associative Array Data in a Count Query
  92. SQL Query to select post title & post ID from a particular category
  93. Create Table Failed Column Date DateType
  94. Using $wpdb to update current post
  95. Can’t seem to get set_blog_id working, it just doesn’t reset the blog ID
  96. DBDelta: “table doesn’t exist” for a table that was just created
  97. How does $wpdb->get_var work with offset?
  98. query_vars doesn’t return query string (trying to get data from $wpdb)
  99. WPDB prepare – like % – placeholders?
  100. $wpdb->prepare UPDATE process not work in functions.php