zepnaw
Last Updated: June 22, 2016
felipelavinz

Sanitizing queries with "IN" clauses with $wpdb on WordPress

$wpdb includes the "prepare" method, which escapes each value you pass according to the type of its placeholder in the query (%d for integers, %s for strings, %f for floats), so the values can never be parsed as SQL.

Even though there's no built-in placeholder for a whole "IN" list, you can use a handy workaround: generate one placeholder per value and let prepare() fill them all in. For instance:

// $wpdb is only defined in the global scope, so pull it in explicitly
global $wpdb;

// get a set of "special" entries
// $special_entries = array(1, 3, 5, 8, 13, [...]);
$special_entries = get_option('my_special_entries');

// how many entries will we select?
// note: an empty list would produce "IN()", which MySQL rejects as a syntax error,
// so make sure there is at least one entry before building the query
$how_many = count($special_entries);

// prepare the right amount of placeholders
// if you're looking for strings, use '%s' instead
$placeholders = array_fill(0, $how_many, '%d');

// glue together all the placeholders...
// $format = '%d, %d, %d, %d, %d, [...]'
$format = implode(', ', $placeholders);

// and put them in the query
$query = "SELECT ID, post_title, post_name, post_parent FROM $wpdb->posts WHERE post_parent IN($format)";

// now you can get the results
// prepare() accepts the values either as separate arguments or, as here, as a single array
$results = $wpdb->get_results( $wpdb->prepare($query, $special_entries) );
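The same idea wrapped in a reusable helper, as an added example that is not part of the original post or of WordPress itself. It generalizes the snippet above to any list of integers or strings, rejects the empty list that would otherwise yield an invalid "IN()", and, because placeholders cannot protect an identifier, checks the column name against a fixed whitelist instead of interpolating it blindly. The function name `my_prepare_in_clause` and the sample values are assumptions for the example; the rest is the standard `$wpdb->prepare()` / `$wpdb->get_results()` API.

```php
<?php
// Added example: build a prepared "<column> IN (...)" fragment for a list of values.
// Assumes it runs inside WordPress, where the global $wpdb object exists.

/**
 * Return a prepared SQL fragment "<column> IN (v1, v2, ...)" for $values.
 *
 * @param string $column      Column name; must be one of the whitelisted names below.
 * @param array  $values      Values to match against the column.
 * @param string $placeholder '%d' for integers, '%s' for strings, '%f' for floats.
 * @return string|false       Prepared fragment, or false when the input is unusable.
 */
function my_prepare_in_clause( $column, array $values, $placeholder = '%d' ) {
    global $wpdb;

    // An identifier cannot go through a placeholder, so whitelist it instead.
    $allowed_columns = array( 'ID', 'post_parent', 'post_type', 'post_status' );
    if ( ! in_array( $column, $allowed_columns, true ) ) {
        return false;
    }

    // Only the three placeholder types prepare() understands are accepted.
    if ( ! in_array( $placeholder, array( '%d', '%s', '%f' ), true ) ) {
        return false;
    }

    // "IN ()" is invalid SQL: let the caller decide what an empty set means.
    if ( empty( $values ) ) {
        return false;
    }

    // One placeholder per value, e.g. "%d, %d, %d". prepare() adds the quotes
    // around %s by itself, so none are written into the format string.
    $format = implode( ', ', array_fill( 0, count( $values ), $placeholder ) );

    // prepare() accepts the values as separate arguments or as one array.
    return $wpdb->prepare( "{$column} IN ({$format})", $values );
}

// Usage with constructed sample values: integer parents.
$parents = array( 1, 3, 5 );
$where   = my_prepare_in_clause( 'post_parent', $parents, '%d' );
if ( false !== $where ) {
    $results = $wpdb->get_results(
        "SELECT ID, post_title, post_name, post_parent FROM {$wpdb->posts} WHERE {$where}"
    );
}

// Strings are handled the same way with '%s'. A value containing quotes, such
// as "page' OR '1'='1", is escaped and quoted as one literal, never parsed as SQL.
$types = array( 'page', 'post' );
$where = my_prepare_in_clause( 'post_type', $types, '%s' );
```

Returning `false` for an empty list forces the caller to decide whether "no values" should mean "no rows" or "skip the filter"; silently dropping the WHERE clause would return every row, which is the more dangerous default. The column whitelist matters because the placeholders only escape values: anything interpolated directly into the query string, including the column name, has to come from code you control, never from request input.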

3 Responses


Awesome! I am glad I found it when I needed it. :)

over 1 year ago

Thanks man!

over 1 year ago

Perfect, thank you!

over 1 year ago