How do I make the code below safe from SQL injection?
PHP Code
    global $wpdb;
    if ($wpdb->insert(
        'votes',
        array(
            'votes' => $votes,
            'competition' => $competition,
            'uid' => $uid
        )
    ) == false)
        wp_die('Database Insertion failed');
    else
        echo 'Database insertion successful<p />';
WordPress insert and update statements use prepared statements internally, so there is no need to use them from outside. Assuming $votes is an integer and the other variables are strings:
    global $wpdb;
    if ($wpdb->insert(
        'votes',
        array(
            'votes' => $votes,
            'competition' => $competition,
            'uid' => $uid
        ),
        array(
            '%d',
            '%s',
            '%s',
        )
    ) == false)
        wp_die('Database Insertion failed');
    else
        echo 'Database insertion successful<p />';
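An added example, not part of the original question or answer: the same insert with input normalised first, next to a hand-written query on the same table, which is the case where $wpdb->prepare() has to be called explicitly. It assumes the code runs inside WordPress; record_vote() and count_votes() are hypothetical helper names.

```php
<?php
// Added example; assumes it runs inside WordPress (e.g. in a plugin), so that
// $wpdb, absint() and sanitize_text_field() are available.
// record_vote() and count_votes() are hypothetical helper names.

function record_vote( $votes, $competition, $uid ) {
    global $wpdb;

    // Normalise input before it reaches the database layer.
    $votes       = absint( $votes );
    $competition = sanitize_text_field( $competition );
    $uid         = sanitize_text_field( $uid );

    // $wpdb->insert() builds a prepared query from the data and format
    // arrays: %d casts to integer, %s is escaped and quoted as a string.
    $result = $wpdb->insert(
        'votes',
        array(
            'votes'       => $votes,
            'competition' => $competition,
            'uid'         => $uid,
        ),
        array( '%d', '%s', '%s' )
    );

    // insert() returns false on error, so compare strictly.
    return false !== $result;
}

function count_votes( $competition ) {
    global $wpdb;

    // Unsafe: $wpdb->get_var() and $wpdb->query() run the string as given,
    // so concatenated input becomes part of the SQL statement.
    // $sql = "SELECT SUM(votes) FROM votes WHERE competition = '$competition'";

    // Safe: pass the value through $wpdb->prepare() with a placeholder.
    $sql = $wpdb->prepare(
        'SELECT SUM(votes) FROM votes WHERE competition = %s',
        $competition
    );

    return (int) $wpdb->get_var( $sql );
}
```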