
Inserting data

From: WordPress: Creating Custom Widgets and Plugins with PHP


If you've created your own table in WordPress, you can insert and update data in it using the same wpdb class we used to get data out. We'll look at how to use the functions to do that, and I also want to discuss how to protect your application from SQL injection attacks. A quick note: even though you can insert and update directly in the WordPress database, it's a better practice to use the functions that are there to do this. That way if the table names ever change in future versions, your code won't break. So this is our plugin that we've created to detect browsers.


Currently, we have a database that's been created. Now we can use this plugin functionality to actually go in and update the database whenever a new user comes to the web site. So let's create a statement that's going to insert data into our database table. So the first step is we are going to create a function, and this is really going to be the hook that's going to be called. We are going to set it to the wp_footer hook. That action is used when the footer is generated, so it's a good time to essentially insert into our database that a new user has come to the web site. So I am going to call the function bdetector_insert_useragent.

Again, I am going to use the wpdb class to access my data. So I am going to declare it in the global scope. So, now I have access to it. I am going to create my table name and set it equal to wpdb->prefix, and I am going to add on bdetector. The next step is to use the insert function of the wpdb class to insert the data into the database. This is what it looks like: wpdb insert.

You pass the table_name that you want to insert into, and then you create an array, and in that array are going to be all the fields that you want to enter and their values. So it's going to be an associative array. So it looks like this, array. We are going to enter the user_agent, and I didn't just make that up; this is the field that I created earlier in my database. I am going to set the value from $_SERVER (this is a global PHP variable), and I'm going to get the HTTP_USER_AGENT.

There are a number of things in that server scope, and most of these are obtained from the browser's headers. So this should then insert that data into the database. The last thing I need to do is simply register this in a wp_footer action. So I'll call the add_action function, pass wp_footer, and I am going to call bdetector_insert_useragent. The next time I visit this site, this data should get inserted into the table.

So let's go ahead and visit our site and see what happens. So, I am going to open our site from the WordPress admin by clicking on the title. That should have loaded it. You can see it loaded. So hopefully it should be entered into the database. I can go in to my MAMP screen. This is my table from my database. If I click on the Browse tab, it should make a selection and get data out, and you can see indeed it did. It gave it an id of 1, it inserted the hit_date because I told it to default to the current date and time when the data was entered, and it input my user_agent.

So you can see I am using this Mozilla/5.0, which is the Firefox browser, and it tells me my operating system, and there's a bunch of other information we can glean from this at a later date when we build the reporting tools. One other note: when you do an insert like this, you can always access the data that was inserted by referring to the insert_id property of wpdb. So if you need to get that for any reason, you can access it using this methodology.

One other thing to go over quickly is that, in order to secure things, you want to make sure that you specify the types that come in. In this example, we're getting something from the server scope, but if we are getting something that's user entered, it's possible that they can do what's called a SQL injection attack. What this does is they essentially append SQL on here that can do deleterious things to your database. It's not something to be looking forward to, and the way you can get around this is that the insert method actually allows you to pass what types of data you're entering as variables.

So that way, for anything that comes in, it will verify that the data you entered is indeed the right type. So what you do is you add another argument after this and you specify for the array what the different data types are, and they're always going to start with the percent sign, and then you can do S for a string, D for decimal, and F for a float, so I would add an array. Since I am just inserting a single string, I am just going to verify that this is a string. That will enforce this data type and make sure that no one entered any SQL into here.

So if I were to run it again, it would work the same way, and you'd see it enters another bit of data, but in that instance it verified that it was that type of data. There is also a prepare method that you can use if you're doing a select statement. It's not necessary for insert and update because they're safe; however, if you're running a select query with dynamic variables, it's good to use the prepare statement. It works in basically the same way, only you write your SQL and afterwards, you append an array of the values you need.

There is further information if you look in the function reference for wpdb. You should be able to find the information about that function. So, the WordPress wpdb has insert and update methods that essentially allow us to enter data into the database safely and easily. We can also use the prepare method to clean other dynamic SQL statements. The update method works basically the same way. The difference is there's a third argument to the update method that will take the where clause information-- essentially the ID and value that you want to use to update--and then your data types will be in the fourth argument.

We'll look at the prepare statement, and we'll talk more about SQL injection hacks when we get into the Security video later on. So the WordPress database class comes with some special functions--insert and update--to edit the data in your database. This can be extremely helpful, and it can also keep you secure from SQL injection hacks.
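The steps described in this transcript, written out as an added example (not the course's own exercise file). It assumes the code runs inside the WordPress plugin file and that the bdetector table has the id, hit_date and user_agent columns mentioned above; `bdetector_update_useragent` and `bdetector_hits_for_agent` are hypothetical helper names.

```php
<?php
// Added example; assumes this file is loaded by WordPress as part of the plugin.

// Hooked to wp_footer: record one row per page view.
function bdetector_insert_useragent() {
    global $wpdb;
    $table_name = $wpdb->prefix . 'bdetector';

    // The User-Agent header is chosen by the client, so treat it as untrusted input.
    $user_agent = isset( $_SERVER['HTTP_USER_AGENT'] ) ? $_SERVER['HTTP_USER_AGENT'] : '';

    // Third argument: one format per column (%s string, %d integer, %f float).
    $ok = $wpdb->insert(
        $table_name,
        array( 'user_agent' => $user_agent ),
        array( '%s' )
    );

    // insert() returns false on failure; insert_id holds the new row's id.
    return ( false === $ok ) ? false : $wpdb->insert_id;
}
add_action( 'wp_footer', 'bdetector_insert_useragent' );

// Hypothetical helper: update() takes data, WHERE, data formats, WHERE formats.
function bdetector_update_useragent( $id, $user_agent ) {
    global $wpdb;
    return $wpdb->update(
        $wpdb->prefix . 'bdetector',
        array( 'user_agent' => $user_agent ), // columns to change
        array( 'id' => $id ),                 // WHERE id = ...
        array( '%s' ),                        // format for the data
        array( '%d' )                         // format for the WHERE value
    );
}

// Hypothetical helper: a SELECT with a dynamic value goes through prepare().
function bdetector_hits_for_agent( $user_agent ) {
    global $wpdb;
    // Table names cannot be placeholders; this one is built from the trusted prefix.
    $table_name = $wpdb->prefix . 'bdetector';
    $sql = $wpdb->prepare(
        "SELECT id, hit_date FROM {$table_name} WHERE user_agent = %s",
        $user_agent
    );
    return $wpdb->get_results( $sql );
}
```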
