Escaping data before import into database

I have a function in a WordPress plugin that takes a csv file and reads the data into a MySQL database table. Works fine except the raw data is not properly escaped and apostrophes cause issues. My code is below. How can I fix this issue?

if (($handle = fopen($file_url, "r")) !== FALSE) {
    $j = -1;
    while (($data = fgetcsv($handle, 1000, $delimiter)) !== FALSE) {
        // No-op loop: each value is copied back unchanged, so nothing is escaped here.
        foreach ($data as $i => $content) {
            $data[$i] = $data[$i];
        }
        // Raw CSV values are concatenated straight into the SQL string.
        $wpdb->query( "INSERT INTO games ( id, game_id, date, time, field, hteamno, vteamno, hcoach, vcoach, division, friendly, pool ) VALUES('" . implode("','", $data) . "') ");

        $j++;
    }
    fclose($handle);
}

Thanks.

Solutions

You could use $wpdb->prepare() with placeholders of the appropriate types (e.g. %s for string) to prepare your SQL string.

Or you could use $wpdb->insert(), which also allows placeholders, leaving WordPress to do the work.
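
The $wpdb->insert() approach applied to the import loop from the question, as an added example that is not code from the original question or answer. It assumes it runs inside WordPress (so the global $wpdb and WP_Error exist) and that every column of the games table can be bound as a string; the function name import_games_csv and its return shape are hypothetical.

```php
<?php
// Added example, not the asker's code. Assumptions: runs inside WordPress
// (global $wpdb, WP_Error) and all `games` columns accept string binding (%s).
function import_games_csv( $file_path, $delimiter = ',' ) {
    global $wpdb;

    // Column order taken from the INSERT statement in the question.
    $columns = array( 'id', 'game_id', 'date', 'time', 'field', 'hteamno',
                      'vteamno', 'hcoach', 'vcoach', 'division', 'friendly', 'pool' );
    $formats = array_fill( 0, count( $columns ), '%s' );

    $handle = fopen( $file_path, 'r' );
    if ( false === $handle ) {
        return new WP_Error( 'csv_open_failed', 'Could not open CSV file.' );
    }

    $inserted = 0;
    $skipped  = array(); // 1-based CSV line numbers that were not imported
    $line     = 0;
    while ( ( $row = fgetcsv( $handle, 0, $delimiter, '"', '\\' ) ) !== false ) {
        $line++;
        // Reject blank or malformed rows so columns and values cannot drift apart.
        if ( count( $row ) !== count( $columns ) ) {
            $skipped[] = $line;
            continue;
        }
        // insert() binds every value through a placeholder, so an apostrophe
        // (e.g. a coach named O'Brien) is stored as data and cannot end the SQL string.
        $ok = $wpdb->insert( 'games', array_combine( $columns, $row ), $formats );
        if ( false === $ok ) {
            $skipped[] = $line; // the database rejected the row
            continue;
        }
        $inserted++;
    }
    fclose( $handle );

    return array( 'inserted' => $inserted, 'skipped_lines' => $skipped );
}
```

Where a column is numeric, replace its entry in $formats with %d or %f so the value is cast rather than quoted.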

Tags: Mysql / Wordpress
