Escaping sql custom tables

teanco
(@teanco)

3 weeks, 6 days ago
In my plugin I use custom tables to store data. When I run some queries, my code looks like following example:
```
$stmt = $wpdb->prepare("SELECT id, options, order_id FROM %i WHERE playlist_id = %d ORDER BY order_id", $media_table, $playlist_id);
$medias = $wpdb->get_results($stmt, ARRAY_A);
```
But when I run this with plugin check https://wordpress.org/plugins/plugin-check/ I will get an error. But the query is escaped, it just written in 2 lines.
```
ERROR WordPress.DB.PreparedSQL.NotPreparedUse placeholders and $wpdb->prepare(); found $stmt
```
- This topic was modified 3 weeks, 6 days ago by teanco.
- This topic was modified 3 weeks, 6 days ago by teanco.

Viewing 1 replies (of 1 total)

(@hupe13)

Try:

$medias = $wpdb->get_results(
  $wpdb->prepare(
    "SELECT id, options, order_id FROM %i WHERE playlist_id = %d ORDER BY order_id",
    $media_table, 
    $playlist_id
  ),
  ARRAY_A
);

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

Escaping sql custom tables

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics