WordPress: Creating Custom Widgets and Plugins with PHP

Inserting data


From:

WordPress: Creating Custom Widgets and Plugins with PHP

with Drew Falkman

Video: Inserting data

WordPress: Creating Custom Widgets and Plugins with PHP
3h 51m Intermediate Nov 04, 2010

In WordPress: Creating Custom Widgets and Plugins with PHP, Drew Falkman teaches PHP developers how to create custom functionality for WordPress 2.0 through 3.0 using widgets and plugins. This course starts by installing and setting up WordPress 3.0 on both Mac and Windows, then provides an in-depth look at tasks related to these WordPress add-ons: installing and administering, building and customizing, creating editable options and database tables, working with posts and pages, and utilizing jQuery and AJAX. There are also tutorials dedicated to promoting a widget or plugin, adding security, and localizing the interface. Exercise files are included with the course.

Topics include:
  • Installing WPI and MAMP server solutions
  • Administering WordPress plugins
  • Introducing hooks
  • Writing the PHP for a plugin
  • Using template tags and shortcode
  • Building a new widget
  • Creating an admin interface
  • Accessing the WordPress database
  • Using jQuery and AJAX for posts and pages
  • Registering and promoting plugins
Subjects:
Developer Web CMS
Software:
WordPress
Author:
Drew Falkman

Inserting data

If you've created your own table in WordPress, you can insert and update data from it using the same wpdb class we used to get data out. We'll look at how to use the functions to do that, and I also want to discuss how to protect your application from SQL injection attacks. A quick note: just because you can insert and update directly to the WordPress database, it's a better practice to use the functions that are there to do this. That way if the table names ever change in future versions, your code won't break. So this is our plugin that we've created to detect browsers.

Currently, we have a database that's been created. Now we can use this plugin functionality to actually go in and update the database whenever a new user comes to the web site. So let's create a statement that's going to insert data into our database table. So the first step is we are going to create a function, and this is really going to be the hook that's going to be called. We are going to set it to the wp_footer hook. That action is used when the footer is generated, so it's a good time to essentially insert into our database that a new user has come to the web site. So I am going to call the function bdetector_insert_useragent.

Again, I am going to use the wpdb class to access my data. So I am going to declare it in the global scope. So, now I have access to it. I am going to create my table name and set it equal to wpdb->prefix, and I am going to add on bdetector. The next step is to use the insert function of the wpdb class to insert the data into the database. This is what it looks like: wpdb insert.

You pass the table_name that you want to insert into, and then you create an array, and in that array are going to be all the fields that you want to enter and their values. So it's going to be an associative array. So it looks like this, array. We are going to enter the user_agent, and I didn't just make that up; this is this field here that I created earlier in my database. I am going to set the value to the $_SERVER string--this is a global PHP variable--and I'm going to get the HTTP_USER_AGENT.

There are a number of things in that server scope, and most of these are obtained from browser header. So this should then insert that data into the database. The last thing I need to do is simply register this in a wp_footer action. So I'll call the add_action function, pass wp_footer, and I am going to call bdetector_insert_useragent. The next time I visit this site, this data should get inserted into the table.

So let's go ahead and visit our site and see what happens. So, I am going to open our site from the WordPress admin by clicking on the title. That should have loaded it. You can see it loaded. So hopefully it should be entered into the database. I can go in to my MAMP screen. This is my table from my database. If I click on the Browse tab, it should make a selection and get data out, and you can see indeed it did. It gave it an id of 1, it inserted the hit_date because I told it to default to the current date and time when the data was entered, and it input my user_agent.

So you can see I am using this Mozilla/5.0, which is Firefox browser, and it tells me my operating system, and there's a bunch of other information we can glean from this at a later date when we build the reporting tools. One other note: when you do insert like this, you can always access the data that was inserted by referring to the insert_id property of wpdb. So if you need to get that for any reason, you can access it using this methodology.

One other thing to go over quickly is in order to secure things, you want to make sure that you specify the types that come in. In this example, we're getting something from a server scope, but if we are getting something that's user entered, it's possible that they can do what's called the SQL injection attack. What this will do is they essentially append SQL on here that can do deleterious things to your database. It's not something to be looking forward to, and the way you can get around this is this insert method actually allows you to pass what types of data you're entering as variables.

So that way anything that comes in, it will verify that the data you entered is indeed the right type. So what you do is you add another argument after this and you specify for the array what the different data types are, and they're always going to start with the percent sign, and then you can do S for a string, D for decimal, and F for a Float, so I would add an array. Since I am just inserting the single string, I am just going to verify that this is a string. That will enforce this data type and make sure that no one entered any SQL into here.

So if I were to run it again, it would work the same way, and you'd see it enters another bit of data, but in that instance it verified that it was that type of data. There is also a prepare method that you can use if you're doing a select statement. It's not necessary to insert and update because they're safe; however, if you're running a select query with dynamic variables, it's good to use the prepare statement. It works in basically the same way, only you write your SQL and afterwards, you append an array of the values you need.

There is further information if you look in the function reference for wpdb. You should be able to find the information about that function. So, the WordPress wpdb has insert and update methods that essentially allow us to enter data into the database safely and easily. We can also use the prepare method to clean other dynamic SQL statements. The update method works basically the same way. The difference is there's a third argument to the update method that will take the where clause information--essentially the ID and value that you want to use to update--and then your data types will be in the fourth argument.

We'll look at the prepare statement, and we'll talk more about SQL injection hacks when we get into the Security video later on. So the WordPress database class comes with some special functions--insert and update--to edit the data in your database. This can be extremely helpful, and it can also keep you secure from SQL injection hacks.
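
The insert, prepare and update calls described in this transcript, written out as an added PHP example (it is not the course's exercise file). The table and column names follow the transcript; `bdetector_hits_matching` and `bdetector_update_useragent` are hypothetical helper names, and the code assumes it runs inside a WordPress plugin.

```php
<?php
// Added example, not the course's exercise file. Assumes the {prefix}bdetector
// table from the transcript, with columns id, hit_date and user_agent.
function bdetector_insert_useragent() {
    global $wpdb;
    $table_name = $wpdb->prefix . 'bdetector';

    // HTTP_USER_AGENT is a request header, so it is client-controlled input.
    $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) )
        : '';
    // Third argument: one format per column (%s string, %d integer, %f float).
    $ok = $wpdb->insert(
        $table_name,
        array( 'user_agent' => $user_agent ),
        array( '%s' )
    );
    // insert() returns false on failure; insert_id holds the new row's id.
    return ( false === $ok ) ? 0 : (int) $wpdb->insert_id;
}
add_action( 'wp_footer', 'bdetector_insert_useragent' );

// Hypothetical reporting helper: a SELECT with dynamic values goes through prepare().
function bdetector_hits_matching( $needle, $limit = 20 ) {
    global $wpdb;
    $table_name = $wpdb->prefix . 'bdetector';
    // prepare() quotes the value but leaves % and _ alone, so escape them for
    // LIKE with esc_like() (WordPress 4.0+).
    $like = '%' . $wpdb->esc_like( $needle ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id, hit_date, user_agent FROM {$table_name}
         WHERE user_agent LIKE %s ORDER BY id DESC LIMIT %d",
        $like,
        $limit
    );
    return $wpdb->get_results( $sql );
}

// Hypothetical helper: update() takes data, where, data formats, where formats.
function bdetector_update_useragent( $id, $user_agent ) {
    global $wpdb;
    return $wpdb->update(
        $wpdb->prefix . 'bdetector',
        array( 'user_agent' => $user_agent ),
        array( 'id' => $id ),
        array( '%s' ),
        array( '%d' )
    );
}
```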

Find answers to the most frequently asked questions about WordPress: Creating Custom Widgets and Plugins with PHP.


Q: Do I need a web hosting service for this course?
A: You don't need a hosting site to do any testing or development work that’s covered in this course. However, if you want to have your WordPress site available to the public, you will most definitely need a WordPress site. If you are hosting with an independent company, they will need to have PHP and MySQL installed, and there will be some configuration differences, but basically, you can upload anything on your local version to the web site. If you are hosting with Wordpress.com, you will need to add your plugins by uploading them manually through the WP Admin Plugin screen.