WPDB: Update table

Now I have learned that the way I change the database is not safe regarding SQL injection.

So I wonder where/how did you learn that?

And other than that you should check if those two POST variables are actually set, your toggle_status() code looks fine to me, and $wpdb->update() is an easy way to update a record in the database in WordPress, so you should just use that function instead of having to use the “long” version: $wpdb->query( $wpdb->prepare( "UPDATE ...", ... ) ).

And actually, if you were to use that version, then the correct syntax is:

$wpdb->query(
    $wpdb->prepare( "UPDATE $tablename SET active = %s WHERE id = %d", $active, $id )
);

I.e. Do not wrap the query value placeholders in quotes, e.g. just %s and not '%s', and for each placeholder, pass its replacement value as a direct parameter for $wpdb->prepare() and not as part of the array like you did in your code.

And yes, with $wpdb->update(), you should pass the raw data and not escaped ones, e.g. pass "foo" as-is and not escaped like \"foo\". Otherwise, the function would double-escape that escaped value as \\\"foo\\\"

Related Posts:

  1. Help With MySQL to WPDB Query Conversion
  2. Issue running db create table query from static method
  3. How to securely controlling data without keeping it in postmeta?
  4. How to Add an Index to Plugin Database table
  5. How to delete all records from or empty a custom database table?
  6. dbDelta only creates the last table
  7. Creating two database tables via plugin
  8. How does WordPress handle MySQL row lock errors?
  9. Is their any way to Extend WPDB class and Overwrite the Default Query Function
  10. $wpdb->get_results() does not fetch results with unicode ‘WHERE’ clause
  11. WordPress register_activation_hook table creation not working
  12. Default Plugin Settings Not Writing to Database
  13. Building an email signup form. Where should the information be saved in the DB?
  14. Plugin Options Not Saving to Database in WP 4.5
  15. Doubt using $wpbd->get_col for a single column
  16. Access WordPress database outside of WordPress
  17. How to create custom tables in WordPress using my own plugin?
  18. Correct way to perform non-cacheable DB query
  19. Is it possible to create Custom Post plug-in?
  20. Creating mySQL procedure with $wpdb
  21. Prevent duplicate records in plugin table
  22. Change commission_status paid when withdraw_status vendor is completed
  23. WordPress Backend HA (Automatic failover)
  24. How can I change the meta_key for a particular piece of information?
  25. Create a table with wordpress plugin boilerplate
  26. plugin code is pulling information from database in one instance and not in other. What is wrong?
  27. Can I create a table on my DB without creating a plugin?
  28. WordPress : Explain Plugins & Theme string value in database
  29. Is it necessary to auto delete my WP plugin database tables when users deactivate/delete my plugin?
  30. after wordpress update to 3.5+ i get many errors in plugin wpdb::prepare()
  31. How to insert and call new data in wordpress website database through a plugin
  32. Separate database for a wordpress plugin
  33. Best/Correct way to add an option to a category
  34. What is the WordPress approach to custom data?
  35. How to create plugin/ page that reads from database
  36. DB Query not working in Plugin
  37. Comment “like” problem – “users who like this” avatar linking to current user profile instead of “liker’s” profile
  38. WordPress plugin: efficient way to store large data
  39. Displaying data from another database
  40. How to access the WordPress DB from a plugin file
  41. WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version [closed]
  42. Integrating Custom Database with WordPress
  43. How to display results from a data table with an encrypted user id?
  44. How to make a Product page without ordering and database
  45. $wpdb->delete not working for me
  46. I want to schedule email (date, time is in database->table) wp_schedule_event() not working
  47. $wpdb->insert not working inside save_post tag
  48. Using id to show item
  49. Where do the section input fields values are stored in database
  50. My plugin can’t see my files
  51. how can i get records from wp_postmeta table using particular meta_key in database?
  52. Write mysql credentials in plugin
  53. Create New Admin Menu Section – Like how custom post type works, in a way
  54. Creating fields in the database
  55. How to submit the custom form data in database in WordPress without plugin?
  56. Is it safe to increase/alter the size of the wp_post.guid column from VARCHAR(255) to VARCHAR(2048)?
  57. Get all the related data from WordPress DB
  58. How to dispaly post informations (such as titles) in an admin plugin menu page?
  59. get_option returning a different value from what’s saved
  60. How can I delete the options from DB when the plugin is deleted?
  61. register_activation_hook not working
  62. On the same site, how do I send data from a plugin file to a theme file?
  63. How to check record is exist or not in WordPress CRUD Operation with $wpdb
  64. plugin doesn’t retrieve data from database
  65. WordPress plugin from own server
  66. How to avoid plugin name conflicts from the upgrade notifier?
  67. How do I only load a plugin js on it’s settings pages?
  68. Use functionality of 2 wordpress plugins
  69. Autoload via composer in plugin interference
  70. Can WordPress plugins “Talk to each other”?
  71. Plugin exceeds memory limit
  72. Plugin Paths Issue
  73. Woocommerce plugin for minimum order and add-to-card-step
  74. UnInstallation of a Plugin from a developers perspective – The correct and clean method
  75. WordPress Settings Lost After Site Migration
  76. custom uploader in the admin area
  77. I receive taxonomy id
  78. Where do plugin variables live in the db?
  79. How do I remove all traces of a plugin?
  80. How can replace this url
  81. Missing files in enqueue actions causes WordPress to reload
  82. I can’t use WP_Query
  83. Update database record in plugin
  84. Adding/ Removing actions for plugins
  85. WP Plugin: Print javascript in header
  86. Adding list of Indexes in wordpress document
  87. Is it possible to recover Deleted users?
  88. Embed php code in custom field of a plugin [closed]
  89. How to create a “plugin” or “block” that can manipulate WordPress DOM in frontend?
  90. Create WordPress category dynamically
  91. Take Elementor For Email FIeld Check if user is registered. IF not registered then register on woocommerece
  92. Template selector for woocommerce product
  93. How to access values from your own settings page in javascript?
  94. How to load plugin static data from cloudfront
  95. How to Replicate Elementor Licensing Model
  96. How do I save meta key value in the save function?
  97. How can I view forums from different sites in a single panel? [duplicate]
  98. The Best Multilanguage Plugin supporting the FSE [closed]
  99. warning wp session
  100. Redux Framework slides field – How Can i add new placeholder Filed? [closed]