Building Web Apps with WordPress: WordPress as an Application Framework

by Brian Messenlehner

There are two main ways of escaping values used in your SQL queries: you can wrap your variables in the esc_sql() function (see Example 3-2) or you can use the $wpdb->prepare() method