Edit - WordPress Development Stack Exchange

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

1

you don't need to prepare a query that doesn't take any input.

Milo
– Milo

2013-06-15 18:08:35 +00:00
Commented Jun 15, 2013 at 18:08
I disagree with you.

JMau
– JMau

2013-06-15 18:09:52 +00:00
Commented Jun 15, 2013 at 18:09
prepare prevents against injection, how do you inject a query that's entirely hardcoded in a string?

Milo
– Milo

2013-06-15 18:17:51 +00:00
Commented Jun 15, 2013 at 18:17
prepare is absolutely needed for insert and update if the query accepts input. please explain why the query you've shown above needs to be sanitized. you wrote the query, there's nothing unknown being added to the query, it does not need to be prepared.

Milo
– Milo

2013-06-15 18:27:17 +00:00
Commented Jun 15, 2013 at 18:27
You're right for insert and update, I was refering to another context. I always sanitize datas before querying.

JMau
– JMau

2013-06-15 18:31:02 +00:00
Commented Jun 15, 2013 at 18:31

Add a comment |

Correct minor typos or mistakes
Clarify meaning without changing it
Add related resources or links
Always respect the author’s intent
Don’t use edits to reply to the author

create code fences with backticks ` or tildes ~
```
like so
```
add language identifier to highlight code
```python
def function(foo):
print(foo)
```
put returns between paragraphs
for linebreak add 2 spaces at end
_italic_ or **bold**
indent code by 4 spaces
backtick escapes `like _so_`
quote by placing > at start of line
to make links (use https whenever possible)

<https://example.com>

[example](https://example.com)

<a href="https://example.com">example</a>

formatting help »
answering help »