php - Wordpress plugin: a safe way to store mySQL query contitions -

lets want create wordpress plugin, data plugins custom table in wordpress database , add content each post. woul propably someting this: select * $my_table time between $prevoius_post_time , $current_post_time order time limit 5000

there should way modify query posts editor add additional filters this, end like:

select * $my_table time between $prevoius_post_time , $current_post_time && $filter order time limit 5000,

where $filer filterrow1 != 300 && filterrow2 >=7, created using form ($_post) in backend before publishing new post.

now not sure store $filer variable, little bit afraid of sql injections etc. safe enough store $filer in posts meta via update_post_meta() , receive get_post_meta() function before actual query?

or missing other , better way? since filters may complex, dont see way of storing $filter array $key => $value , generate whole filter on each request.

hei. can use $filter = mysql_real_escape_string($filter); or can use $wpdb prepare function (look wordpress manual). takes care of sql injections.