$wpdb is a PHP global variable that holds the WordPress database object, which is an instance of the wpdb class.
$wpdb is used to work with custom database tables safely (its methods help prevent SQL injection attacks, among other things). If you want to work with the common WordPress tables, use WP_Query instead.
Accessing the database directly should be avoided
The following code is valid, but you must always avoid it:
/**
 * Insert customer.
 *
 * @param string $firstname - Customer first name.
 * @param string $lastname - Customer last name.
 *
 * @return int|string
 */
function insert_customer(
    string $firstname,
    string $lastname,
): int|string {
    $conn = new mysqli( 'db_server', 'db_user', 'db_passwd', 'db_name' );
    $sql  = 'INSERT INTO customers (firstname, lastname) VALUES (?,?)';

    /* Prepare statement */
    $stmt = $conn->prepare( $sql );

    /* Bind parameters. Types: s = string, i = integer, d = double, b = blob */
    $stmt->bind_param( 'ss', $firstname, $lastname );

    /* Execute statement */
    $stmt->execute();
    $insert_id = $stmt->insert_id;
    $stmt->close();

    return $insert_id;
}
Use $wpdb instead:
/**
 * Insert customer.
 *
 * @param string $firstname - Customer first name.
 * @param string $lastname - Customer last name.
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @return int|string
 */
function insert_customer(
    string $firstname,
    string $lastname,
): int|string {
    global $wpdb;

    $wpdb->show_errors(); // optional

    // Column => value pairs; the values are passed raw and escaped by $wpdb.
    $bind_params = array(
        'firstname' => $firstname,
        'lastname'  => $lastname,
    );

    // One format per value, in the same order: %s for string, %d for integer, etc.
    $params_type = array( '%s', '%s' );

    $wpdb->insert( 'customers', $bind_params, $params_type );

    return $wpdb->insert_id;
}
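The same rule applies when reading the table back: pass values through $wpdb->prepare() placeholders rather than concatenating them into the SQL string. The following is an added example, not code from the original post; the function name find_customers_by_lastname and the row limit of 100 are assumptions, and it expects to run inside WordPress with the customers table used above.

```php
<?php
/**
 * Search the custom `customers` table by last-name prefix.
 * Hypothetical helper added for illustration (not from the original post).
 *
 * @param string $search Untrusted search text, e.g. from a request parameter.
 * @param int    $limit  Maximum number of rows to return.
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @return array[] Rows as associative arrays (empty array if nothing matches).
 */
function find_customers_by_lastname( string $search, int $limit = 20 ): array {
    global $wpdb;

    // esc_like() only escapes the LIKE wildcards (% and _) inside the user's text,
    // so a search for "50%" matches literally. It does not make the value SQL-safe;
    // that is the job of prepare() below.
    $pattern = $wpdb->esc_like( $search ) . '%';

    // Clamp the limit so a caller cannot request an unbounded result set.
    // The ceiling of 100 is an assumption for this example.
    $limit = max( 1, min( $limit, 100 ) );

    // Placeholders are left unquoted: prepare() quotes and escapes each value.
    // Never build this string by concatenating $search into it.
    $sql = $wpdb->prepare(
        'SELECT firstname, lastname FROM customers WHERE lastname LIKE %s ORDER BY lastname LIMIT %d',
        $pattern,
        $limit
    );

    // get_results() returns null when the query fails; normalise that to an empty array.
    $rows = $wpdb->get_results( $sql, ARRAY_A );

    return is_array( $rows ) ? $rows : array();
}
```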
References
- https://developer.wordpress.org/reference/classes/wpdb
- https://developer.wordpress.org/reference/classes/wp_query/
- Data Validation (must read)
Entrepreneur | Full-stack developer | Founder of MediSign Ltd. I have over 15 years of professional experience designing and developing web applications. I am also very experienced in managing (web) projects.