WP HealthKit

$wpdb->prepare()

WordPress database query preparation method that safely parameterizes SQL queries.

How it works

prepare() takes a SQL query containing %s (string) or %d (integer) placeholders, plus the values to substitute for them, and returns the query with those values safely escaped.

In WordPress

Never interpolate variables into SQL. Always use prepare() with %s (string) or %d (integer) placeholders.
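The rule above as an added example (not WP HealthKit's code): the same lookup written with interpolation and then with prepare(). It goes one step beyond the text by also handling a LIKE search. It assumes it runs inside WordPress, where the global $wpdb exists; the hk_* function names are hypothetical.

```php
<?php
// Added example. Assumes a loaded WordPress environment (global $wpdb).
// The hk_* function names are hypothetical.

// Weak: caller-supplied values are interpolated into the SQL text, so
// their content becomes part of the statement itself.
function hk_find_posts_unsafe( $author_id, $status ) {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = $author_id AND post_status = '$status'"
    );
}

// Corrected: values travel as arguments to prepare().
// %d casts to an integer; %s is escaped and quoted by prepare(),
// so the placeholder itself is written without quotes.
function hk_find_posts( $author_id, $status, $search = '' ) {
    global $wpdb;

    // {$wpdb->posts} is the table name WordPress itself provides,
    // not user input, so it is safe to place in the query text.
    $sql  = "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_author = %d AND post_status = %s";
    $args = array( $author_id, $status );

    if ( '' !== $search ) {
        // prepare() does not escape LIKE wildcards. esc_like() neutralises
        // % and _ in the user's term; the surrounding % wildcards go in the
        // argument, never in the query string.
        $sql   .= ' AND post_title LIKE %s';
        $args[] = '%' . $wpdb->esc_like( $search ) . '%';
    }

    // prepare() accepts the values as a single array or as separate arguments.
    return $wpdb->get_results( $wpdb->prepare( $sql, $args ) );
}
```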

WP HealthKit checks for $wpdb->prepare()-related vulnerabilities automatically
