Tag: esc_sql

  • Escaping lists of strings for SQL in WordPress

    Today I found myself wanting to use a query similar to SELECT DISTINCT post_id FROM $wpdb->posts WHERE meta_key IN ( 'string_x', 'string_y', 'string_z' ), but where I needed to construct the values for the list of strings from an array of untrusted values (because we never trust inputs, we always look suspiciously on them if…