Published in: PHP
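global $wpdb; // WordPress database object

$field1 = "Andy Peatling";
$field2 = "It's like that, and that's the way it is.";

// prepare() fills each placeholder (%d integer, %s string) with an escaped value,
// so the apostrophe in $field2 and the raw $_POST['id'] cannot change the query.
$wpdb->query(
    $wpdb->prepare(
        "INSERT INTO $wpdb->sometable( id, field1, field2 ) VALUES ( %d, %s, %s )",
        $_POST['id'],
        $field1,
        $field2
    )
);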
URL: http://apeatling.wordpress.com/2008/06/25/prepare-dont-escape/