Title: Recommended WP Core INSERT Query Method
Last modified: September 1, 2016

---

# Recommended WP Core INSERT Query Method

 *  [WebTechGlobal](https://wordpress.org/support/users/webtechglobal/)
 * (@webtechglobal)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/recommended-wp-core-insert-query-method/)
 * My data importer accepts any .csv file. So I cannot predict the number of columns
   or their titles/headers.
 * WP core insert() does not escape single quotes despite everything I read indicating
   that using $wpdb->insert() prepares the INSERT. The codex states the following
   but the only way to avoid a MySQL error is to escape individual values…
 * > (array) Data to insert (in column => value pairs). Both $data columns and $
   > data values should be “raw” (neither should be SQL escaped).
 * What would be the recommended approach to using prepare() and possibly PDO within
   the WordPress environment? Keeping in mind I would need to add a number of placeholders
   based on the users .csv file.
 * I’m considering eval() to build the prepare() line but surely that is not safe?
 * mysql_real_escape_string() allows the import, escaping single quote, however 
   it is depreciated.
 * Thanks community.

Viewing 1 replies (of 1 total)

 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [9 years, 10 months ago](https://wordpress.org/support/topic/recommended-wp-core-insert-query-method/#post-7622597)
 * `$wpdb->insert()` really does call `$wpdb->prepare()` internally, so something
   else is going on. I’m able to use `$wpdb->insert()` to place unescaped data containing
   single quotes without any issue in a quick test. I suspect there’s something 
   wrong with how your data is being setup for `$wpdb->insert()`. Try var_dumping
   the data (and format if applicable) array provided to `$wpdb->insert()` from 
   a simple .csv file that includes single quotes in the string values. It should
   be apparent what the problem is.
 * The var_dump output may look a little strange, for example:
    `'column_name' =
   > string 'O'Brien' (length=7)` the 3 single quotes is OK, the outer single quotes
   are an artifact of the var_dump output, which does not need to fit PHP syntax
   rules. (“O’Brien” is the test value I used to check `$wpdb->insert()`)

Viewing 1 replies (of 1 total)

The topic ‘Recommended WP Core INSERT Query Method’ is closed to new replies.

## Tags

 * [database](https://wordpress.org/support/topic-tag/database/)
 * [query](https://wordpress.org/support/topic-tag/query/)

 * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
 * 1 reply
 * 2 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [9 years, 10 months ago](https://wordpress.org/support/topic/recommended-wp-core-insert-query-method/#post-7622597)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics