Let's say I want to create a WordPress plugin which will get data from a plugin's custom table in the WordPress database and add some content to each post. This would probably look something like this:
SELECT * FROM $my_table WHERE time BETWEEN $prevoius_post_time AND $current_post_time ORDER BY time LIMIT 5000
There should be a way to modify this query by the post's editor to add some additional filters to this, so I would end up with something like:
SELECT * FROM $my_table WHERE time BETWEEN $prevoius_post_time AND $current_post_time && $filter ORDER BY time LIMIT 5000
where $filter could be something like filterrow1 != 300 && filterrow2 >=7, which will be created using a form ($_POST) in the backend before publishing a new post.
Now I am not sure where to store the $filter variable, as I am a little bit afraid of SQL injections etc. Is it safe enough to store $filter in a post's meta via update_post_meta() and just receive it with the get_post_meta() function before the actual query?
Or am I missing any other and better way? Since the filters may get really complex, I don't really see any way of storing $filter as an array like $key => $value and generate the whole filter on each request.
Hi. You can use $filter = mysql_real_escape_string($filter); or you can use the $wpdb prepare function (look up the WordPress manual). It takes care of SQL injections.
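An added example, not part of the original question or answer: one way to keep the filter as structured conditions in post meta and build the WHERE fragment from allowlisted columns and operators, so that only the values go through $wpdb->prepare() as bound arguments. The myplugin_* names and the meta key are hypothetical, and the sketch is narrowed to AND-joined comparisons with integer values.

```php
<?php
// Added example: myplugin_* names are hypothetical, not WordPress or the poster's code.
const MYPLUGIN_FILTER_COLUMNS   = array( 'filterrow1', 'filterrow2' ); // columns named in the question
const MYPLUGIN_FILTER_OPERATORS = array( '=', '!=', '<', '<=', '>', '>=' );

/**
 * Turn stored conditions such as [ ['filterrow1', '!=', 300], ['filterrow2', '>=', 7] ]
 * into a WHERE fragment with placeholders plus the matching argument list.
 * Returns null if any condition falls outside the allowlists.
 */
function myplugin_build_filter( array $conditions ) {
    $parts = array();
    $args  = array();
    foreach ( $conditions as $cond ) {
        if ( ! is_array( $cond ) || count( $cond ) !== 3 ) {
            return null;
        }
        list( $column, $operator, $value ) = array_values( $cond );
        if ( ! in_array( $column, MYPLUGIN_FILTER_COLUMNS, true )
            || ! in_array( $operator, MYPLUGIN_FILTER_OPERATORS, true )
            || ! is_numeric( $value ) ) {
            return null; // reject the whole filter rather than guess
        }
        // Only allowlisted text reaches the SQL string; the value stays a bound argument.
        $parts[] = "`$column` $operator %d";
        $args[]  = (int) $value;
    }
    return array( implode( ' AND ', $parts ), $args );
}

// Constructed sample input: the second filter smuggles SQL into the column name.
$ok  = myplugin_build_filter( array( array( 'filterrow1', '!=', 300 ), array( 'filterrow2', '>=', 7 ) ) );
$bad = myplugin_build_filter( array( array( 'filterrow1 OR 1=1 --', '=', 1 ) ) );
var_dump( $ok, $bad );

// Inside WordPress (meta key 'myplugin_filter' and %s for the time values are assumptions):
//   $stored = get_post_meta( $post_id, 'myplugin_filter', true );
//   $built  = myplugin_build_filter( is_array( $stored ) ? $stored : array() );
//   if ( null === $built ) { return; } // stored filter failed validation, run nothing
//   list( $where, $args ) = $built;
//   $sql = "SELECT * FROM $my_table WHERE time BETWEEN %s AND %s"
//        . ( $where ? " AND $where" : '' ) . ' ORDER BY time LIMIT 5000';
//   $rows = $wpdb->get_results( $wpdb->prepare( $sql, array_merge( array( $prev, $cur ), $args ) ) );
```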