wpdb->insert: do I need to prepare against SQL injection?

Do I need to use wpdb prepare before wpdb->insert?

If I am inserting values into a wordpress table using wpdb->insert, do I need to “clean” my data before inserting it or does this method (wpdb->insert) do that for me?

Solutions Collecting From Web of "wpdb->insert: do I need to prepare against SQL injection?"

No, you shouldn’t prepare or escape the data, this is done for you by the wpdb class.

From the wpdb class reference:


(array) Data to insert (in column => value pairs). Both $data columns and $data values should be “raw” (neither should be SQL escaped).

If, however, you were writing your own SQL rather than using the insert method, then yes, you should escape using prepare.