original question
If I use the get_results() function, is this safe enough from MySQL injection attacks?
global $wpdb;
$wpdb->get_results("select * from tableA where B = C");
Or should this have some kind of prepare first?
What’s the best practice?
How should we do it in our present time, December 2021?
update
So I should use this instead?
global $wpdb;
$my_variable = "sometext";
$prep = $wpdb->prepare("select * from tableA where B = %s", $my_variable);
$wpdb->query($prep);
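
The difference the question asks about, as an added example that is not part of the original post: get_results() runs whatever SQL string it is handed, so any escaping has to come from prepare() beforehand. It assumes the code runs inside WordPress, where the global $wpdb is available; tableA and column B are the placeholder names from the question, and the find_rows_* function names are hypothetical.

```php
<?php
// Added example; assumes it runs inside WordPress (plugin or theme code),
// where the global $wpdb object is available. tableA and column B are the
// placeholder names from the question; find_rows_* are hypothetical helpers.

// Unsafe: get_results() sends the string to MySQL as-is, so request data
// interpolated into it becomes part of the SQL statement.
function find_rows_unsafe( $value ) {
    global $wpdb;
    return $wpdb->get_results( "SELECT * FROM tableA WHERE B = '$value'" );
}

// Safe: prepare() escapes and quotes each value bound to a placeholder
// (%s string, %d integer, %f float). Do not put quotes around %s yourself.
function find_rows_prepared( $value, $limit = 20 ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        'SELECT * FROM tableA WHERE B = %s LIMIT %d',
        $value,
        $limit
    );
    return $wpdb->get_results( $sql ); // array of row objects
}

// LIKE search: esc_like() neutralises % and _ in the input, then prepare()
// still handles the SQL escaping of the finished pattern.
function find_rows_like( $term ) {
    global $wpdb;
    $pattern = '%' . $wpdb->esc_like( $term ) . '%';
    return $wpdb->get_results(
        $wpdb->prepare( 'SELECT * FROM tableA WHERE B LIKE %s', $pattern )
    );
}
```

A query with no variable parts, like the first snippet in the question, has nothing to bind and can be passed to get_results() directly.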