8Answers
  • 6
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 187

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 187
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

How to insert data using wpdb

I have wriiten as following

$name="Kumkum";
$email="kumkum@gmail.com";
$phone="3456734567";
$country="India";
$course="Database";
$message="hello i want to read db";
$now = new DateTime();
$datesent=$now->format('Y-m-d H:i:s');    
global $wpdb;
$sql = $wpdb->prepare(
 "INSERT INTO `wp_submitted_form`      (`name`,`email`,`phone`,`country`,`course`,`message`,`datesent`) values ("
 $name, $email, $phone, $country, $course, $message, $datesent. ')")';

$wpdb->query($sql);

It's not working... It throws error... Please help me in correcting it.

Use $wpdb->insert().

$wpdb->insert('wp_submitted_form', array(
    'name' => 'Kumkum',
    'email' => 'kumkum@gmail.com',
    'phone' => '3456734567', // ... and so on
));
  • 95
Reply Report
    • Sorry to drudge up an old topic, but I wanted to note that $wpdb->insert sanitizes your data for you, unlike $wpdb->query which requires you to sanitize your query with $wpdb->prepare. The difference between the two is $wpdb->query allows you to write your own SQL statement, where $wpdb->insert accepts an array and takes care of sanitizing/sql for you.
      • 2
    • You need a 3rd parameter indicating the data types of each parameter, otherwise they will all be trated as string. For "int, float, string" parameters it would be: array('%d', '%f', '%s')

Just use wpdb->insert(tablename, coloumn, format) and wp will prepare that's query

<?php
global $wpdb;
$wpdb->insert("wp_submitted_form", array(
   "name" => $name,
   "email" => $email,
   "phone" => $phone,
   "country" => $country,
   "course" => $course,
   "message" => $message,
   "datesent" => $now ,
));
?>
  • 19
Reply Report

You have to check your quotes properly,

$sql = $wpdb->prepare(
    "INSERT INTO `wp_submitted_form`      
       (`name`,`email`,`phone`,`country`,`course`,`message`,`datesent`) 
 values ($name, $email, $phone, $country, $course, $message, $datesent)");
$wpdb->query($sql);

OR you can use like,

$sql = "INSERT INTO `wp_submitted_form`
          (`name`,`email`,`phone`,`country`,`course`,`message`,`datesent`) 
   values ($name, $email, $phone, $country, $course, $message, $datesent)";

$wpdb->query($sql);

Read http://codex.wordpress.org/Class_Reference/wpdb

  • 4
Reply Report
      • 1
    • I believe wpdb->prepare requires 2 parameters. Something like this should work: $sql = $wpdb->prepare( "INSERT INTO wp_submitted_form (name,email,phone,country,course,message,datesent) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s')", $name, $email, $phone, $country, $course, $message, $datesent); Also, without using a prepare statement or a wpdb->insert, how is your second answer not vulnerable to sql injection?

Try this

I recently leaned about $wpdb->prepare HERE and added into our Free Class Booking plugin, plugin approved on wordpress.org and will live soon:

global $wpdb;
$tablename = $wpdb->prefix . "submitted_form";

$name     = "Kumkum"; //string value use: %s
$email    = "kumkum@gmail.com"; //string value use: %s
$phone    = "3456734567"; //numeric value use: %d
$country  = "India"; //string value use: %s
$course   = "Database"; //string value use: %s
$message  = "hello i want to read db"; //string value use: %s
$now      = new DateTime(); //string value use: %s
$datesent = $now->format('Y-m-d H:i:s'); //string value use: %s

$sql = $wpdb->prepare("INSERT INTO `$tablename` (`name`, `email`, `phone`, `country`, `course`, `message`, `datesent`) values (%s, %s, %d, %s, %s, %s, %s)", $name, $email, $phone, $country, $course, $message, $datesent);

$wpdb->query($sql);

Thanks -Frank

  • 4
Reply Report

Problem in your SQL :

You can construct your sql like this :

$wpdb->prepare(
 "INSERT INTO `wp_submitted_form` 
   (`name`,`email`,`phone`,`country`,`course`,`message`,`datesent`) 
   values ('$name', '$email', '$phone', '$country', 
         '$course', '$message', '$datesent')"
 );

You can also use $wpdb->insert()

$wpdb->insert('table_name', input_array())
  • 1
Reply Report
global $wpdb;
$insert = $wpdb->query("INSERT INTO `front-post`(`id`, `content`) VALUES ('$id', '$content')");
  • 0
Reply Report
      • 1
    • Stylistically better, simpler, and much safer to use $wpdb->insert() as detailed in a few other answers. This isn't "wrong", it just doesn't make good use of $wpdb. Sorry to dredge up an old article, but this is really important as use of $wpdb->query() can lead to failure to prepare. Also, without using insert() you'd have to fiddle to get any autoincrement key. See user examples in developer.wordpress.org/reference/classes/wpdb/insert