• Hi,

    At the moment your plugin has 2 cases where you use “%%%s”, e.g.

    WLSM_M_School.php
    $wpdb->prepare( 'SELECT c.ID, c.label FROM ' . WLSM_CLASSES . ' as c WHERE c.label LIKE "%%%s%%"', $wpdb->esc_like( $keyword ) )
    
    WLSM_M_Staff_Class.php
    ...WHERE sf.school_id = %d AND a.is_active = 1 AND a.name LIKE "%%%s%%"'

    While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

    The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.

    '... c.label LIKE %s',
    '%' . $wpdb->esc_like( $keyword ) . '%'

    It’s undocumented because the “%%” should only provide a single literal percentage sign, and not cause the following “%s” to be unquoted.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author weblizar

    (@weblizar)

    Hello @craigfrancis,

    Thanks for using our The School Management plugin.

    Thanks for bringing this up. We will look into it in the upcoming update and update it accordingly.

    Thanks and Best regards

    Thread Starter Craig Francis

    (@craigfrancis)

    Great, thanks for updating.

    Minor thing, and isn’t a problem, but you only need a single ‘%’ with:

    "%%".$wpdb->esc_like( $keyword )."%%"
  • The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.
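
The documented form discussed in this thread, written out as an added example; it is not the plugin's code or either poster's. The function name `wlsm_example_search_classes` is hypothetical, and the block assumes it runs inside WordPress with the plugin's `WLSM_CLASSES` constant defined.

```php
<?php
/**
 * Added example (not the plugin's code). Assumes WordPress is loaded and the
 * plugin's WLSM_CLASSES table-name constant is defined. The function name is
 * hypothetical.
 */
function wlsm_example_search_classes( $keyword ) {
	global $wpdb;

	// esc_like() escapes the LIKE metacharacters (%, _ and \) in user input,
	// so a keyword such as "50%_off" is matched literally. It does not make
	// the value SQL-safe by itself; prepare() still does the quoting.
	$like = '%' . $wpdb->esc_like( $keyword ) . '%';

	// The query template carries a bare %s placeholder and no wildcards.
	// The wildcards travel inside the argument, where a single '%' is enough
	// because arguments are not parsed as format strings.
	$sql = $wpdb->prepare(
		'SELECT c.ID, c.label FROM ' . WLSM_CLASSES . ' AS c WHERE c.label LIKE %s',
		$like
	);

	return $wpdb->get_results( $sql );
}
```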