Escaping lists of strings for SQL in WordPress

Today I found myself wanting to use a query similar to SELECT DISTINCT post_id FROM $wpdb->posts WHERE meta_key IN ( 'string_x', 'string_y', 'string_z' ), but where I needed to construct the values for the list of strings from an array of untrusted values (because we never trust inputs, we always look suspiciously on them if they’re going near the DB). Looking through the core code, it seems like there’s currently one place it does this and, while less elegant than the WPDB class prepare method it’s worth me remembering for the future, so…

Continue reading Escaping lists of strings for SQL in WordPress

Exporting from MySQL to CSV

Everytime I need to do this I go into at least five minutes of Googling for a decent solution. The problem is that a lot of people don’t have access to the commandline, so the solutions all reference PHPMyAdmin which is, you know, OK, but I don’t use it or want to install it just to export some quick reports. Other solutions are similarly indirect.

Continue reading Exporting from MySQL to CSV