wpdb get_row database query inquiry

Is this the right way to use get_row with a select *?

$_crds = $wpdb->get_row($wpdb->prepare(" SELECT * FROM `mailers` WHERE `id` = %d", $_GET['caId'] ));

$_zipcodes = $_crds->zipcodes;
$_maildate = $_crds->maildate;

Is that the right way to pull the values from the database? I have a lot of records in that table I need to pull, so wanted to do it in one db pull...

but my code appears to not be working.

-Rich



For the placeholder to work, you should use $wpdb->query like:

$wpdb->query( 
  $wpdb->prepare( "
            SELECT * FROM mailers
            WHERE id = %d
        ",
        $_GET['caId']
    )
);

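However, in my opinion, the best option is to simply validate the GET parameter and then use it in $wpdb->get_results, like:

$catId = isset($_GET['caId']) ? $_GET['caId'] : '';
if (is_numeric($catId)) {
    // $catId is interpolated into the SQL string; is_numeric() is the only guard here.
    $_crds = $wpdb->get_results("SELECT * FROM mailers WHERE id = $catId");

    // Use a separate loop variable so the result set is not overwritten.
    foreach ($_crds as $_crd) {
        $_zipcodes = $_crd->zipcodes;
        $_maildate = $_crd->maildate;
    }
}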

I found out how to do it...

$_crds = $wpdb->get_results(" SELECT * FROM `mailers` WHERE `id` = %d", $_GET['caId'] );

foreach ($_crds as $_crd) {
  $_zipcodes = $_crd->zipcodes;
  $_maildate = $_crd->maildate;
}

That worked, except the %d didn't work, I had to just do it like this:

$_crds = $wpdb->get_results(" SELECT * FROM `mailers` WHERE `id` = " . $_GET['caId'] );

I don't know why the placeholder did not work. Crazy. Wish it did, because that is from the URL so could get code injection...
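An added example, not code from any of the posters above: in the `get_results()` call shown in the last post, the `%d` is never substituted because the second argument of `get_results()` and `get_row()` is the output type, not a placeholder value; only `$wpdb->prepare()` binds placeholders. The sketch assumes it runs inside WordPress (so the global `$wpdb` exists), and `mailers_get_row()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes WordPress is already loaded, so global $wpdb exists.
// mailers_get_row() is a hypothetical helper name, not a WordPress function.

/**
 * Fetch one row from `mailers` by an id taken from untrusted input.
 * Returns the row object, or null when the id is invalid or no row matches.
 */
function mailers_get_row( $raw_id ) {
    global $wpdb;

    // Accept only a positive integer. Values such as "1e3", "1.5",
    // "7 OR 1=1", an array, or a missing parameter are rejected here.
    $id = filter_var(
        $raw_id,
        FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 1 ) )
    );
    if ( false === $id ) {
        return null;
    }

    // prepare() is the call that substitutes %d (and casts the value to int).
    // get_row() / get_results() take the finished SQL string; their second
    // argument is the output type (OBJECT, ARRAY_A, ...), so a value passed
    // there is never bound into the query.
    $sql = $wpdb->prepare( 'SELECT * FROM `mailers` WHERE `id` = %d', $id );

    // get_row() returns a single row object, or null when nothing matches.
    return $wpdb->get_row( $sql );
}

$row = mailers_get_row( isset( $_GET['caId'] ) ? $_GET['caId'] : null );
if ( null !== $row ) {
    $_zipcodes = $row->zipcodes;
    $_maildate = $row->maildate;
}
```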
