Where to put the placeholder in wpdb-prepare

Question

I know this has been asked before, but in my case, i'm kinda stumped where i need to put my placeholders:

$prepared = $wpdb->prepare(
"
    SELECT *
    FROM tarieven
    WHERE bestemming 
    = '" . trim($_POST['destination']) . "'
",
'value', 'another value'
);

$results = $wpdb->get_results($prepared);

[This post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. — Alex Howansky, Jun 13 '17 at 13:56

score 0 · Answer 1 · answered Jun 13 '17 at 14:42

Took my sweet time, but i understand it now, had to replace my var with the placeholder.

$prepared = $wpdb->prepare(
"
    SELECT *
    FROM tarieven
    WHERE bestemming 
    = %s
",
trim($_POST['destination'])
);

$results = $wpdb->get_results($prepared);

Where to put the placeholder in wpdb-prepare

1 Answers1