Use of LIKE ‘%%%s%%’

  • Resolved Craig Francis

    (@craigfrancis)


    2 years, 1 month ago

    Hi,

    At the moment your plugin uses 6 instances of "%%%s%%" in likebtn_like_button.php, e.g.

    $query_where .= ' AND LOWER(p.value) LIKE "%%%s%%" ';

    While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

    The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.

    $query_where .= ' AND LOWER(p.value) LIKE %s ';

[...]

$query_parameters[] = '%' . $wpdb->esc_like( strtolower( $post_title ) ) . '%';

    It’s undocumented because the “%%” should only provide a single literal percentage sign, and not cause the following “%s” to be unquoted.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.