job.answiz.com
  • 1
Votes
name
name Punditsdkoslkdosdkoskdo

How to prevent SQL Injection in Wordpress?

I'm currently using the following query to get values in mysql using php:

The code is working, but now I'm worried about sql injections.

How to prevent SQL injection?

<?php include_once("wp-config.php");
@$gameid = $_GET['gameid'];

global $wpdb;
$fivesdrafts = $wpdb->get_results( 
    "
    SELECT ID
    FROM $wpdb->posts
    WHERE  ID = ".$gameid." 

    "
);
?>

is this safe?

<?php include_once("wp-config.php");
@$gameid = mysql_real_escape_string($_GET['gameid']);

global $wpdb;
$fivesdrafts = $wpdb->get_results(
$wpdb->prepare(
    "
    SELECT ID
    FROM $wpdb->posts
    WHERE  ID = %d", ".$gameid.")
);
?>