is this safe enough? Or should it be improved? Is this code protected for SQL injection? (PHP) Answer I take it for granted that $wpdb is from the WordPress project. Then as explained by the documentation, the very purpose of these placeholders is to prevent SQL injections. Hence you can consider your code safe against SQL injections. Personally I like