My presentation from WordCamp Brno about WordPress custom fields.

1. Digging into WordPress
Custom Fields
Magdalena Paciorek

2. What are custom fields in WordPress?

3. How is metadata saved in the database?
wp_postmeta table

4. How to display metadata on a page?
get_post_meta()
https://developer.wordpress.org/reference/functions/get_post_meta/
<p>Release date:
<?php echo get_post_meta( get_the_ID(), 'release_date', true ); ?>
</p>

5. But what will happen if somebody adds a malicious script?

6. We need to escape before we echo
esc_html(), esc_attr(), esc_url(), esc_js()
https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
<p>Release date:
<?php echo esc_html(get_post_meta( get_the_ID(), ‘release_date', true )); ?>
</p>

7. So the script can’t be executed any more

8. If we have a lot of metadata and we
call get_post_meta() function many
times on a page, does it mean we are
querying the database every time to
fetch the meta from the database?

9. WP Query
https://wordpress.tv/2014/11/15/helen-hou-sandi-so-you-know-wp_query-now-what/
SELECT SQL_CALC_FOUND_ROWS wp_posts.ID FROM wp_posts WHERE post_type = 'post' AND
(post_status = 'publish' OR post_status = 'private') ORDER BY post_date DESC LIMIT 0, 10
SELECT FOUND_ROWS()
SELECT * FROM wp_posts WHERE ID IN (5,1)
SELECT t.*, tt.*, tr.object_id FROM wp_terms AS t INNER JOIN wp_term_taxonomy AS tt
ON t.term_id = tt.term_id INNER JOIN wp_term_relationships AS tr ON tr.term_taxonomy_id =
tt.term_taxonomy_id WHERE tt.taxonomy IN ('category', 'post_tag', 'post_format') AND tr.object_id IN
(1, 5) ORDER BY t.name ASC
SELECT post_id, meta_key, meta_value FROM wp_postmeta WHERE post_id
IN (1,5) ORDER BY meta_id ASC
1
2
3
4
5

10. Object Cache
https://codex.wordpress.org/Class_Reference/WP_Object_Cache

11. get_post_meta() first checks for
meta in the cache. If it’s there, it
would retrieve it from cache.
If it’s not in cache, it sends a SQL
query to the database to fetch all
meta for given posts, updates cache
and then grabs the meta from cache.

12. We can turn off the meatadata query from WP Query
$args = array(
'update_post_meta_cache' => false
);
$query = new WP_Query( $args );
https://codex.wordpress.org/Class_Reference/WP_Query

13. Advanced Custom Fields
https://pl.wordpress.org/plugins/advanced-custom-fields/

14. How to display metadata added by ACF?
the_field(), get_field()
https://www.advancedcustomfields.com/resources/the_field/
<p>Release date:
<?php the_field( 'release_date' ); ?>
</p>

15. And what will happen if somebody adds a malicious script?

16. We should escape just like with get_post_meta()
esc_html(), esc_attr(), esc_url(), esc_js()
https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/
<p>Release date:
<?php echo esc_html( get_field( 'release_date' ) ); ?>
</p>

17. There is one more thing about the_field() i get_field()
Every time either of these functions is called, one extra SQL
query is being sent to the database.
Example:
SELECT post_id, meta_value
FROM wp_postmeta
WHERE meta_key = 'field_59ce9900201d9'

18. If we have 10 custom fields and we
call the_field() or get_field() function
10 times, we are sending 10
additional SQL queries to the
database.

19. So let’s improve it a little bit :)
just by changing the_field() to get_post_meta()
Before:
<p>Release date:
<?php echo esc_html( get_field( 'release_date' ) ); ?>
</p>
After:
<p>Release date:
<?php echo esc_html( get_post_meta( get_the_ID(), 'release_date', true ) ); ?>
</p>

20. Can we filter the posts by metadata?
WP Query - Custom Field Parameters
https://codex.wordpress.org/Class_Reference/WP_Query
Let’s say we want to display all reviews of movies directed by Woody Allen:
$args = array(
'meta_key' => 'directed_by',
'meta_value' => 'Woody Allen'
);
$query = new WP_Query( $args );

21. It is possible to query posts by
metadata. So why WordPress VIP
team considers avoiding querying
for meta_value in WP Query as a
good practice?
https://vip.wordpress.com/documentation/querying-on-meta_value/

22. WordPress postmeta table has an index on meta_key,
but not on meta_value

23. B-tree Structure
Markus Winand - http://use-the-index-luke.com/sql/anatomy/the-tree

24. We could construct WP Query in a 3 different ways
https://codex.wordpress.org/Class_Reference/WP_Query
1. //here we just query by meta_value which is not indexed
$query = new WP_Query( array( 'meta_value' => 'Woody Allen’ ) );
2. //here we query both by meta_key and meta_value, mysql can now use an index on
meta_key column
$query = new WP_Query( array( 'meta_key' => 'directed_by',
'meta_value' => 'Woody Allen’ ) );
3. //here we changed the way we use meta_keys which now hold an information about
the value, and we query only on meta_keys omitting meta_values completely
$query = new WP_Query( array( 'meta_key' => 'directed_by_woody_allen’ ) );

25. I’ve tested it on 15000 posts, each with 15 custom fields,
which sums up to over 200000 rows in wp_postmeta table
1. //1.53 s
$query = new WP_Query( array( 'meta_value' => 'Woody Allen’ ) );
2. //0.94 s
$query = new WP_Query( array( 'meta_key' => 'directed_by',
'meta_value' => 'Woody Allen’ ) );
3. //0.21 s
$query = new WP_Query( array( 'meta_key' => 'directed_by_woody_allen’ ) );
All 3 of them return the same results, but which one is the fastest?

26. A few useful links
https://codex.wordpress.org/Custom_Fields
https://metabox.io/optimizing-database-custom-fields/
https://wordpress.stackexchange.com/questions/16709/
meta-query-with-meta-values-as-serialize-arrays
https://wordpress.stackexchange.com/questions/215871/
explanation-of-update-post-meta-term-cache
https://tomjn.com/2017/02/27/not-post-meta-bad/
https://vip.wordpress.com/documentation/querying-on-meta_value/

27. Thank you!
Magdalena Paciorek
paciorek.magdalena@gmail.com
https://www.linkedin.com/in/paciorekmagdalena/
https://twitter.com/magda_paciorek