Create table from array with prepare

Is it possible to create a table with the wpdb::prepare function?

I read the documentation and tried to find examples but there where none that helped me.

Even creating a table with prepare doesn't give me any useful examples on Google.

Currently I'm creating my table like this:

public function createTableFromFields( $tablename, $fields ) {

    //
    $wpdb = $this-db;
    $tablename = $wpdb-prefix . $tablename;

    $sql = 'CREATE TABLE IF NOT EXISTS ' . $tablename . ' (id INT(6) UNSIGNED
        AUTO_INCREMENT PRIMARY KEY';

    foreach ( $fields as $field ) {

        $sql .= ", $field TEXT";

    }

    $sql .= ')';

    $result = $wpdb-query( $sql );

    return $result;

}

But I learned that just using

$wpdb-query($sql)

is unsafe and that you should rather do it with

$wpdb-query(prepare($sql, $args).

So what do I put in $args here and what would be the SQL code then using the query format strings?

Topic mysql wpdb database Wordpress sql

Category Web

1
answered at

I tried this in local, and I think you have multiple fields inside $fields so I've added them in array.

Just look at the code below; it works fine as tested:

add_action('your_hook', 'createTableFromFields');
function createTableFromFields($tablename)
{
    $wpdb = $this->db;
    $tablename = $wpdb->prefix . $tablename;
    $fields = array('PersonID','LastName');
    $sql = 'CREATE TABLE IF NOT EXISTS %s (id INT(6) UNSIGNED
        AUTO_INCREMENT PRIMARY KEY';
    $test = array();
    foreach ($fields as $field) {
        $test[] =  $field." TEXT";
    }
    $t = implode(",", $test);
    $sql .= ",%s)";

    $result = $wpdb->query($wpdb->prepare(sprintf($sql, $tablename, $t)));
    return $result;
}

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.