I am creating a plugin that uses SQL queries in it. I would like to know if this function is sanitized.
I have already tried using wpdb->prepare and get_result. Neither of those like my query at all, but I may be missing something.
```php
global $wpdb;
$table_name = $wpdb->prefix . 'TableName';
$result = $wpdb->query("INSERT INTO $table_name(foo, bar, foobar, fa, baar, fabaar, origin)
VALUES ('" . $_POST['foo'] . "',
'" . $_POST['bar'] . "',
'" . $_POST['foobar'] . "',
'" . $_POST['fa'] . "',
'" . $_POST['baar'] . "',
'" . $_POST['fabaar'] . "',
'" . $_POST['origin'] . "');");
echo 'Posting was a success!';
die;
```
I want this to run the query in a sanitized and safe way.
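
For comparison with the query in the question, an added example (not the asker's code) of the same insert done through `$wpdb->insert()`, so that no request data is concatenated into the SQL string. It assumes the snippet is an admin-ajax handler and that every column holds plain text; the function name `myplugin_save_row`, the nonce action and the `edit_posts` capability are hypothetical.

```php
<?php
// Added example, not the asker's code. Hypothetical names: myplugin_save_row,
// the 'myplugin_save_row' nonce action and the 'edit_posts' capability.
add_action( 'wp_ajax_myplugin_save_row', 'myplugin_save_row' );

function myplugin_save_row() {
    global $wpdb;

    // Reject forged or unauthorized requests before touching the database.
    check_ajax_referer( 'myplugin_save_row' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'Not allowed.', 403 );
    }

    $table_name = $wpdb->prefix . 'TableName';
    $columns    = array( 'foo', 'bar', 'foobar', 'fa', 'baar', 'fabaar', 'origin' );

    $data = array();
    foreach ( $columns as $column ) {
        if ( ! isset( $_POST[ $column ] ) || ! is_string( $_POST[ $column ] ) ) {
            wp_send_json_error( "Missing or invalid field: $column", 400 );
        }
        // WordPress adds slashes to $_POST; remove them, then strip tags, line
        // breaks and extra whitespace. This is input cleanup, not the SQL defense.
        $data[ $column ] = sanitize_text_field( wp_unslash( $_POST[ $column ] ) );
    }

    // $wpdb->insert() builds the statement and escapes every value according to
    // its format (%s = string), so request data never becomes part of the SQL text.
    $formats  = array_fill( 0, count( $data ), '%s' );
    $inserted = $wpdb->insert( $table_name, $data, $formats );

    if ( false === $inserted ) {
        wp_send_json_error( 'Insert failed.', 500 );
    }
    wp_send_json_success( 'Posting was a success!' );
}

// The same insert with prepare(): placeholders stay unquoted in the SQL and
// the values are passed as separate arguments (two columns shown).
// $sql = $wpdb->prepare( "INSERT INTO $table_name (foo, bar) VALUES (%s, %s)", $foo, $bar );
// $wpdb->query( $sql );
```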