I'm currently using the following query to get values in mysql using php:
The code is working, but now I'm worried about sql injections.
How to prevent SQL
From the WordPress Codex on protecting queries against SQL Injection attacks:
<?php $sql = $wpdb->prepare( 'query' , value_parameter[, value_parameter ... ] ); ?>
If you scroll down a bit farther, there are examples.
You should also read the database validation docs for a more thorough overview of SQL escaping in WordPress.
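To make the Codex signature concrete, here is an added example (not from the Codex page or the answer above) showing a string-concatenated query beside the same query built with $wpdb->prepare(). It assumes it runs inside WordPress with the global $wpdb loaded and uses the real wp_posts table; the function names are made up for illustration.

```php
<?php
// Added example, not part of the original answer or the WordPress Codex.
// Assumes a WordPress environment where the global $wpdb object exists.

// Unsafe: user-controlled values are concatenated straight into the SQL,
// so a crafted $status value can change the meaning of the statement.
function get_posts_unsafe( $author_id, $status ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts}
            WHERE post_author = $author_id AND post_status = '$status'";
    return $wpdb->get_results( $sql );
}

// Safe: $wpdb->prepare() binds each value to a typed placeholder.
// %d is cast to an integer; %s is quoted and escaped by prepare() itself,
// so the placeholder is written without surrounding quotes.
function get_posts_safe( $author_id, $status ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = %s",
        $author_id,
        $status
    );
    return $wpdb->get_results( $sql );
}

// LIKE needs one extra step: prepare() escapes quotes but not the SQL
// wildcards % and _, so run the term through $wpdb->esc_like() first
// and add your own wildcards around the escaped value.
function search_titles_safe( $term ) {
    global $wpdb;
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE post_title LIKE %s",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

A literal percent sign inside the query text passed to prepare() must be written as %% so it is not read as a placeholder.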