It’s best practice to always use prepare but the main use of it is to prevent against SQL injection attacks, and since there is no input from the users/visitors or they can’t effect the query then that is not an issue in your current example.
But like I said before it’s best practice to use it and once you start using it you never stop, so in your example you can use it like so:
1 2 3 4 | global $wpdb; $tablename = $wpdb->prefix . "my_custom_table"; $sql = $wpdb->prepare( "SELECT * FROM %s ORDER BY date_created DESC",$tablename ); $results = $wpdb->get_results( $sql , ARRAY_A ); |
If you like this question & answer and want to contribute, then write your question & answer and email to freewebmentor[@]gmail.com. Your question and answer will appear on FreeWebMentor.com and help other developers.
