To run custom database queries safely and efficiently in WordPress, use the built-in wpdb class. 1. Use the global variable $wpdb and understand its basic properties such as $wpdb->prefix; 2. Use the $wpdb->prepare() method to prevent SQL injection when running SELECT queries, and select get_results, get_row or get_var according to the number of results; 3. Use insert(), update() and delete() methods when inserting, updating and deleting data, and ensure the format is correct; 4. Check last_error and last_query during debugging to handle errors; 5. Pay attention to performance and security best practices, such as avoiding original queries, filtering and escaping input and output, using indexes and paging to process large data sets.
When you need to run custom database queries in WordPress, the wpdb class is your go-to tool. It's a built-in PHP class that allows you to interact directly with the WordPress database safely and efficiently. While it's powerful, using it correctly requires understanding a few key practices.
Understanding the Basics of $wpdb
The wpdb class is already instantiated as a global variable called $wpdb . You can access it by declaring global $wpdb; at the top of your function or script. This object gives you direct access to the current site's database tables.
Some basic properties you might use:
-
$wpdb->prefix– the table prefix (likewp_) -
$wpdb->base_prefix– the original prefix before any dynamic changes -
$wpdb->dbname,$wpdb->dbuser, etc. – for connection details (rarely needed)
You typically don't need to create a new instance — just use the global one.
Running SELECT Queries Safely
For retrieving data from the database, use $wpdb->get_results() or $wpdb->get_row() depending on how many results you expect.
Best practice: Always use placeholders and the $wpdb->prepare() method to avoid SQL injection:
global $wpdb;
$user_id = 123;
$results = $wpdb->get_results( $wpdb->prepare(
"SELECT * FROM {$wpdb->prefix}users WHERE ID = %d",
$user_id
) );-
%dis for integers -
%sis for strings -
%fis for floats
This ensures values are properly escaped and safe to use.
If you're only expecting one row:
$row = $wpdb->get_row( $wpdb->prepare(
"SELECT user_login FROM {$wpdb->prefix}users WHERE ID = %d",
$user_id
) );And if you want a single value:
$username = $wpdb->get_var( $wpdb->prepare(
"SELECT user_login FROM {$wpdb->prefix}users WHERE ID = %d",
$user_id
) );Inserting, Updating, and Deleting Data
For modifying data, $wpdb provides helper methods like insert() , update() , and delete() .
These methods accept table names, data arrays, and where certificates, and they return the number of affected rows or false on failure.
Example of inserting a row:
global $wpdb;
$data = array(
'name' => 'John Doe',
'email' => 'john@example.com'
);
$format = array(
'%s', // name is a string
'%s' // email is a string
);
$wpdb->insert( 'my_custom_table', $data, $format );Updating a record:
$wpdb->update(
'my_custom_table',
array( 'email' => 'new_email@example.com' ),
array( 'id' => 123 ), // where clause
array( '%s' ),
array( '%d' )
);Deleting records:
$wpdb->delete(
'my_custom_table',
array( 'id' => 123 ),
array( '%d' )
);Using these methods helps keep your code clean and reduces chances of errors.
Debugging and Error Handling
By default, WordPress doesn't show database errors unless you enable debugging.
To check for errors during query execution, use $wpdb->last_error after running a query:
$results = $wpdb->get_results("SELECT * FROM non_existing_table");
if ( ! $results ) {
echo 'Database error: ' . $wpdb->last_error;
}Also useful:
-
$wpdb->last_query– show the last executed query -
$wpdb->print_error()– outputs the last error message (not recommended in production)
In development, consider setting define('WP_DEBUG', true); in wp-config.php to catch more issues early.
Final Notes on Performance and Security
A few things to keep in mind when working with $wpdb :
- Avoid raw queries when built-in functions exist (eg,
get_post_meta()instead of querying postmeta directly) - Always sanitize input and escape output
- Use indexes in custom tables for faster looksups
- Be cautious with large datasets – pagination (
LIMIT,OFFSET) helps prevent timeouts
Using $wpdb effectively comes down to knowing when to use it and how to protect yourself from common pitfalls. Keep your queries simple, secure, and well-structured, and you'll be fine.
Basically that's it.
The above is the detailed content of How to use the wpdb class for custom queries. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to revert WordPress core update
Jul 02, 2025 am 12:05 AM
To roll back the WordPress version, you can use the plug-in or manually replace the core file and disable automatic updates. 1. Use WPDowngrade and other plug-ins to enter the target version number to automatically download and replace; 2. Manually download the old version of WordPress and replace wp-includes, wp-admin and other files through FTP, but retain wp-config.php and wp-content; 3. Add code in wp-config.php or use filters to disable core automatic updates to prevent further upgrades. Be sure to back up the website and database before operation to ensure safety and reliability. It is recommended to keep the latest version for security and functional support in the long term.
How to create a custom shortcode in WordPress
Jul 02, 2025 am 12:21 AM
The steps to create a custom shortcode in WordPress are as follows: 1. Write a PHP function through functions.php file or custom plug-in; 2. Use add_shortcode() to bind the function to the shortcode tag; 3. Process parameters in the function and return the output content. For example, when creating button shortcodes, you can define color and link parameters for flexible configuration. When using it, you can insert a tag like [buttoncolor="red"url="https://example.com"] in the editor, and you can use do_shortcode() to model it
How to diagnose high CPU usage caused by WordPress
Jul 06, 2025 am 12:08 AM
The main reasons why WordPress causes the surge in server CPU usage include plug-in problems, inefficient database query, poor quality of theme code, or surge in traffic. 1. First, confirm whether it is a high load caused by WordPress through top, htop or control panel tools; 2. Enter troubleshooting mode to gradually enable plug-ins to troubleshoot performance bottlenecks, use QueryMonitor to analyze the plug-in execution and delete or replace inefficient plug-ins; 3. Install cache plug-ins, clean up redundant data, analyze slow query logs to optimize the database; 4. Check whether the topic has problems such as overloading content, complex queries, or lack of caching mechanisms. It is recommended to use standard topic tests to compare and optimize the code logic. Follow the above steps to check and solve the location and solve the problem one by one.
How to optimize WordPress without plugins
Jul 05, 2025 am 12:01 AM
Methods to optimize WordPress sites that do not rely on plug-ins include: 1. Use lightweight themes, such as Astra or GeneratePress, to avoid pile-up themes; 2. Manually compress and merge CSS and JS files to reduce HTTP requests; 3. Optimize images before uploading, use WebP format and control file size; 4. Configure.htaccess to enable browser cache, and connect to CDN to improve static resource loading speed; 5. Limit article revisions and regularly clean database redundant data.
How to minify JavaScript files in WordPress
Jul 07, 2025 am 01:11 AM
Miniving JavaScript files can improve WordPress website loading speed by removing blanks, comments, and useless code. 1. Use cache plug-ins that support merge compression, such as W3TotalCache, enable and select compression mode in the "Minify" option; 2. Use a dedicated compression plug-in such as FastVelocityMinify to provide more granular control; 3. Manually compress JS files and upload them through FTP, suitable for users familiar with development tools. Note that some themes or plug-in scripts may conflict with the compression function, and you need to thoroughly test the website functions after activation.
How to use the Transients API for caching
Jul 05, 2025 am 12:05 AM
TransientsAPI is a built-in tool in WordPress for temporarily storing automatic expiration data. Its core functions are set_transient, get_transient and delete_transient. Compared with OptionsAPI, transients supports setting time of survival (TTL), which is suitable for scenarios such as cache API request results and complex computing data. When using it, you need to pay attention to the uniqueness of key naming and namespace, cache "lazy deletion" mechanism, and the issue that may not last in the object cache environment. Typical application scenarios include reducing external request frequency, controlling code execution rhythm, and improving page loading performance.
How to use object caching for persistent storage
Jul 03, 2025 am 12:23 AM
Object cache assists persistent storage, suitable for high access and low updates, tolerating short-term lost data. 1. Data suitable for "persistence" in cache includes user configuration, popular product information, etc., which can be restored from the database but can be accelerated by using cache. 2. Select a cache backend that supports persistence such as Redis, enable RDB or AOF mode, and configure a reasonable expiration policy, but it cannot replace the main database. 3. Set long TTL or never expired keys, adopt clear key name structure such as user:1001:profile, and update the cache synchronously when modifying data. 4. It can combine local and distributed caches to store small data locally and big data Redis to store big data and use it for recovery after restart, while paying attention to consistency and resource usage issues.
How to prevent comment spam programmatically
Jul 08, 2025 am 12:04 AM
The most effective way to prevent comment spam is to automatically identify and intercept it through programmatic means. 1. Use verification code mechanisms (such as Googler CAPTCHA or hCaptcha) to effectively distinguish between humans and robots, especially suitable for public websites; 2. Set hidden fields (Honeypot technology), and use robots to automatically fill in features to identify spam comments without affecting user experience; 3. Check the blacklist of comment content keywords, filter spam information through sensitive word matching, and pay attention to avoid misjudgment; 4. Judge the frequency and source IP of comments, limit the number of submissions per unit time and establish a blacklist; 5. Use third-party anti-spam services (such as Akismet, Cloudflare) to improve identification accuracy. Can be based on the website
