I'm creating a custom form to update rows in a secondary MySQL DB, different from the WordPress one. This form is public and every user can access it. So I've created a plugin and I'm also using wpdb to connect to the database.
How can I do this in a secure way?
I'm using sanitize_text_field() and then wpdb->update(). Is this safe or should I use esc_sql()?
If I can't use wpdb->update() because I need to have some != fields in WHERE clauses, is it OK to use sanitize_text_field(), then wpdb->prepare() and then wpdb->query()?
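The two flows asked about above, as an added example that is not part of the original post: `$wpdb->update()` builds its statement through `prepare()` internally and only supports equality in the WHERE clause, while a `!=` condition goes through `prepare()` with unquoted placeholders followed by `query()`; `esc_sql()` is not layered on top of either. The table `orders`, its columns, the `myform_update` action, the allowed status values and the `MYFORM_DB_*` constants are all hypothetical names assumed for illustration.

```php
<?php
// Added example for a plugin file. Every table, column, action and constant
// name below is hypothetical.

function myform_external_db() {
    static $db = null;
    if ( null === $db ) {
        // Separate wpdb instance for the secondary database (credentials assumed
        // to be defined as constants in wp-config.php).
        $db = new wpdb( MYFORM_DB_USER, MYFORM_DB_PASSWORD, MYFORM_DB_NAME, MYFORM_DB_HOST );
    }
    return $db;
}

// Equality-only WHERE: update() escapes values itself via prepare().
function myform_update_by_id( $db, $id, $status ) {
    return $db->update( 'orders', array( 'status' => $status ), array( 'id' => $id ), array( '%s' ), array( '%d' ) );
}

// WHERE with != : placeholders stay unquoted, prepare() quotes and escapes them.
function myform_update_unless_locked( $db, $id, $status ) {
    $sql = $db->prepare(
        'UPDATE orders SET status = %s WHERE id = %d AND status != %s',
        $status,
        $id,
        'locked'
    );
    return $db->query( $sql ); // rows affected, or false on error
}

function myform_handle_update() {
    // Validate type and range first; sanitize_text_field() cleans text, it is not SQL escaping.
    $id     = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;
    $status = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';
    if ( 0 === $id || ! in_array( $status, array( 'pending', 'shipped' ), true ) ) {
        wp_die( 'Invalid input', '', array( 'response' => 400 ) );
    }

    $db   = myform_external_db();
    $rows = myform_update_unless_locked( $db, $id, $status );
    if ( false === $rows ) {
        error_log( 'myform update failed: ' . $db->last_error ); // keep DB errors out of the response
        wp_die( 'Update failed', '', array( 'response' => 500 ) );
    }
    wp_safe_redirect( home_url( '/' ) );
    exit;
}
// Public form: register the handler for logged-out and logged-in visitors.
add_action( 'admin_post_nopriv_myform_update', 'myform_handle_update' );
add_action( 'admin_post_myform_update', 'myform_handle_update' );
```

Table and column names cannot be bound with `%s` or `%d`, so they stay hard-coded here rather than coming from the request.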