Monthly Archives: August 2008

Functions that update the database should expect their parameters to lack SQL slash escaping when passed. Escaping should be done as close to the time of the query as possible, preferably by using $wpdb->prepare $wpdb->prepare is a method that handles … Continue reading →