[wp-trac] [WordPress Trac] #11318: $wpdb->prepare() Chokes on LIKE conditions?
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 4 22:56:20 UTC 2009
#11318: $wpdb->prepare() Chokes on LIKE conditions?
--------------------------+-------------------------------------------------
Reporter: miqrogroove | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Database | Version: 2.8.4
Severity: normal | Resolution: worksforme
Keywords: |
--------------------------+-------------------------------------------------
Changes (by dd32):
* status: new => closed
* resolution: => worksforme
* milestone: 3.0 =>
Comment:
Due to Prepare utilising the printf syntax of '%s' and the like, it's
impossible to simply add a single % to a query.
You only need to use Prepare() when making a query which has params, not a
hardcoded query.
The 2 options are:
1. escape the % in printf style:
{{{var_dump($wpdb->prepare("SELECT 1 WHERE col1 LIKE 'image%%'"));}}}
2. add it as a param:
{{{var_dump($wpdb->prepare("SELECT 1 WHERE col1 LIKE %s", 'image%'));}}}
Closing as worksforme, as those 2 options work around it. It's not worth
implementing our own vsprintf just for that single function, if it can be
done in other ways.. I think it's worth it due to the benefits which the
current implementation brings.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11318#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
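
Added example, not part of the ticket or of WordPress core: the two options from the comment in self-contained PHP, plus the case where the LIKE term is untrusted input and its own % and _ must not act as wildcards. demo_prepare() and demo_like_escape() are hypothetical stand-ins, and addslashes() substitutes for the database-layer escaping (an assumption, so the block runs without WordPress).

```php
<?php
// Stand-in for the printf-style substitution the comment describes.
// NOT WordPress code: addslashes() replaces the database-layer escaping
// (assumption) so the block runs without WordPress loaded.
function demo_prepare(string $query, ...$args): string
{
    // Drop any quotes the caller put around %s, then quote every %s.
    $query = str_replace(array("'%s'", '"%s"'), '%s', $query);
    $query = str_replace('%s', "'%s'", $query);
    return vsprintf($query, array_map('addslashes', $args));
}

// Hypothetical helper: make %, _ and \ literal inside a LIKE pattern.
function demo_like_escape(string $text): string
{
    return addcslashes($text, '_%\\');
}

// Option 1: no parameters, so the literal wildcard is written as %%.
echo demo_prepare("SELECT 1 WHERE col1 LIKE 'image%%'"), "\n";

// Option 2: the whole pattern travels as a %s parameter.
echo demo_prepare("SELECT 1 WHERE col1 LIKE %s", 'image%'), "\n";

// Untrusted term (constructed sample): escape its own wildcards first,
// then append the one wildcard the query author intends.
$term = "100%_o'k";
echo demo_prepare(
    "SELECT 1 WHERE col1 LIKE %s",
    demo_like_escape($term) . '%'
), "\n";
```

In WordPress itself the wildcard escaping step is like_escape(), replaced by $wpdb->esc_like() in WordPress 4.0, applied before the value is handed to prepare().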