Hello friends, I would be glad to get some help in understanding of this rejection reason :
Please make sure you properly prepare your data for $wpdb.
Please also read
What exactly I am supposed to do?
thanks in advance
Hi
as per link in your theme you used any direct mysql_query ? if yes then use wordpress method
For sql query $wpdb
thanks for your reply , but i don’t have no mysql_query in my theme and no function related to sql .
or maybe i should tell that to the reviewer ?
its showing that you need escape data before update or insert to database
may be its used in your theme options or function you can share demo link with me
the old demo is deleted . but I discovered that option tree uses some sql queries :
$ot_maybe_cleanup_posts = count( $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'option-tree' LIMIT 2" ) ) > 1;
$wpdb->query( "DROP TABLE IF EXISTS $table_name" );
$attachmentid = $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE guid='$file'" );
but the problem is how prepare those queries for wpdb as he requested . ??
You can include option tree as a plugin , I did that in one of my themes .
Regards
$ot_maybe_cleanup_posts = count( $wpdb->get_results(esc_sql(“SELECT * FROM $wpdb->posts WHERE post_type = ‘option-tree’ LIMIT 2” ) ) > 1;
$wpdb->query( “DROP TABLE IF EXISTS $table_name”);
use like this
The reviewer literally means to use the prepare method of the $wpdb class:
https://developer.wordpress.org/reference/classes/wpdb/prepare/