Home/ Questions/Q 6337837
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T19:19:35+00:00

I have created a simple plugin. It has a configuration site in the backend

  • 0

I have created a simple plugin. It has a configuration site in the backend and some functions for the user site. I need to save some user choices into database. On the beginning I used $wpdb->insert() and $wpdb->update() methods, but after I read https://codex.wordpress.org/wpdb_Class#Protect_Queries_Against_SQL_Injection_Attacks I want to change it into $wpdb->query($wpdb->prepare()) .

But how can I get id of the just inserted row without new select query? if I use $wpdb->insert() I have this id in $wpdb->insert_id, but if I use $wpdb->query() this field is empty…

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Using $wpdb->insert() and $wpdb->update() you are implicitly using $wpdb->prepare() function and its protection.

    For example the WordPress $wpdb->update() function has in the final two lines:

    $sql = "UPDATE `$table` SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
return $this->query( $this->prepare( $sql, array_merge( array_values( $data ), array_values( $where ) ) ) );

    So, to get the inserted ID and be protected, I recommend you use $wpdb->insert().

    • 0