I want to prepare my data to avoid SQL injection. Here is my current working code to show a list of data from a table's column:

    global $wpdb;
    $sliders = $wpdb->get_results('SELECT alias, title FROM wp_revslider_sliders', ARRAY_A);
    echo '<select name="revslider">';
    if ($sliders) {
        foreach ($sliders as $slide) {
            echo '<option value="'.$slide['alias'].'" '.($select_revslider_shortcode == $slide['alias'] ? 'selected=""' : '').'>'.$slide['title'].'</option>';
        }
    }
    echo '</select>';

I need to use $wpdb->prepare to be sure that my data is correctly brought from the db. My current progress:

    $sliders = $wpdb->query($wpdb->prepare("SELECT id, alias, title FROM wp_revslider_sliders", ARRAY_A));

This isn't working. I get a notice:

    Notice: wpdb::prepare was called incorrectly. The query argument of wpdb::prepare() must have a placeholder.

Can anyone tell me where I'm wrong with my code?
Regards
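
Added example, not part of the original post: the static query next to a parameterized one, with the rows escaped on output. It assumes the code runs inside WordPress (theme or plugin); the `slider_alias` request parameter and the `WHERE` filter are hypothetical and only illustrate where `prepare()` applies.

```php
<?php
// Added example; assumes WordPress is loaded, so $wpdb, esc_attr(),
// esc_html(), selected(), sanitize_text_field() and wp_unslash() exist.
global $wpdb;

// Variable name taken from the question; defaulted here so the block stands alone.
$select_revslider_shortcode = $select_revslider_shortcode ?? '';

// Table name built from the site's prefix instead of a hard-coded "wp_".
$table = $wpdb->prefix . 'revslider_sliders';

// Case 1: fully static query. No external value enters the SQL string, so
// there is nothing for prepare() to bind; get_results() is called directly.
// (query() returns a row count for SELECT, not the rows themselves.)
$sliders = $wpdb->get_results( "SELECT id, alias, title FROM {$table}", ARRAY_A );

// Case 2 (hypothetical filter): a request value enters the query, so it is
// bound through a %s placeholder. ARRAY_A belongs to get_results(), not prepare().
if ( isset( $_GET['slider_alias'] ) ) {
    $alias   = sanitize_text_field( wp_unslash( $_GET['slider_alias'] ) );
    $sliders = $wpdb->get_results(
        $wpdb->prepare( "SELECT id, alias, title FROM {$table} WHERE alias = %s", $alias ),
        ARRAY_A
    );
}

// Values read from the database are escaped for their HTML context on output.
echo '<select name="revslider">';
foreach ( (array) $sliders as $slide ) {
    printf(
        '<option value="%s"%s>%s</option>',
        esc_attr( $slide['alias'] ),
        selected( $select_revslider_shortcode, $slide['alias'], false ),
        esc_html( $slide['title'] )
    );
}
echo '</select>';
```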