I keep hearing about using prepared statements, but what about in WordPress?

Question 1. I know I don't need to do them for $wpdb->insert or $wpdb->delete, but people say do it anyway even though the class will do it for you.

// I've got a select count query function and should use it here.

global $wpdb;
$entries = $wpdb->prefix . 'simpledir_entries';
$count = $wpdb->get_var("SELECT COUNT(*) FROM $entries WHERE rel = $id;");

if($count <= 0){
    return false;
}else{
    return true;
}   

Question 2. I'm not sure how to formulate this into the proper prepared statement which is completely secured. Do $entries and $id both need it?

Thanks

To answer your first question: the prepare statement in WordPress prepares a SQL query for safe execution. It uses sprintf()-like syntax.

For your second question: for your get_var query, the statement should be something like this:

global $wpdb;
$entries = $wpdb->prefix . 'simpledir_entries';
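// The table name is an identifier, not a value: %s would wrap it in quotes and break the query.
// It is built from $wpdb->prefix and a fixed string, so it is interpolated directly; only $id is bound.
$count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM {$entries} WHERE rel = %d", $id));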

if($count <= 0){
    return false;
}else{
    return true;
}

Good Luck!!
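
The two cases from the question side by side, as an added example that is not part of the original answer: raw SQL passed through prepare(), and the insert()/delete() helpers that take values plus formats. The simpledir_* function names are hypothetical, and the code assumes it runs inside WordPress (for example in a plugin file) so that the global $wpdb exists.

```php
<?php
// Added example; helper names are hypothetical, table and column names come from the question.

function simpledir_table() {
    global $wpdb;
    // Identifier built from the trusted prefix and a constant string, never from request data.
    // (On WordPress 6.2 and later, prepare() also offers %i for quoting identifiers.)
    return $wpdb->prefix . 'simpledir_entries';
}

// Question 2: hand-written SQL goes through prepare(); only the value gets a placeholder.
function simpledir_has_entries( $id ) {
    global $wpdb;
    $table = simpledir_table();
    // %d forces $id to an integer, so non-numeric text in $id cannot reach the query.
    $sql = $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE rel = %d", $id );
    return (int) $wpdb->get_var( $sql ) > 0;
}

// Question 1: insert() and delete() take raw values plus a format list and escape
// them internally, so the values are not passed through prepare() or esc_sql() first.
function simpledir_add_entry( $id ) {
    global $wpdb;
    // insert() returns false on failure, otherwise the number of rows inserted.
    return false !== $wpdb->insert( simpledir_table(), array( 'rel' => $id ), array( '%d' ) );
}

function simpledir_delete_entries( $id ) {
    global $wpdb;
    // delete() returns the number of rows removed, or false on error.
    return $wpdb->delete( simpledir_table(), array( 'rel' => $id ), array( '%d' ) );
}
```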