Use of LIKE ‘%%%s%%’
Hi,
At the moment your plugin uses 6 instances of "%%%s%%" in likebtn_like_button.php, e.g.
$query_where .= ' AND LOWER(p.value) LIKE "%%%s%%" ';
While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.
The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.
$query_where .= ' AND LOWER(p.value) LIKE %s ';
[...]
$query_parameters[] = '%' . $wpdb->esc_like( strtolower( $post_title ) ) . '%';
It’s undocumented because the “%%” should only provide a single literal percentage sign, and not cause the following “%s” to be unquoted.
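The pattern recommended in the post above, written out as a complete query function. This is an added example, not part of the original post or the plugin's code; it assumes it runs inside WordPress, and the function name `example_find_by_title` and the table `example_items` are hypothetical.

```php
<?php
// Added example; runs inside WordPress (needs the global $wpdb).
// The function name and table name are hypothetical.

function example_find_by_title( $post_title ) {
    global $wpdb;

    // Hypothetical table; the plugin's real schema is not shown in the post.
    $table = $wpdb->prefix . 'example_items';

    $query_where      = '';
    $query_parameters = array();

    if ( '' !== $post_title ) {
        // The SQL carries a bare %s placeholder, with no quotes and no %%.
        $query_where .= ' AND LOWER(p.value) LIKE %s ';

        // esc_like() backslash-escapes %, _ and \ in the user's text so they
        // match literally; the surrounding % wildcards are added by the code.
        $query_parameters[] = '%' . $wpdb->esc_like( strtolower( $post_title ) ) . '%';
    }

    $sql = "SELECT p.value FROM {$table} p WHERE 1=1 {$query_where}";

    // prepare() quotes and escapes each %s argument itself. It is only
    // called when there is at least one placeholder to fill.
    if ( $query_parameters ) {
        $sql = $wpdb->prepare( $sql, $query_parameters );
    }

    return $wpdb->get_col( $sql );
}

// Constructed input: a search for "50%_off" matches only that literal text,
// because esc_like() turns it into 50\%\_off before the wildcards are added.
$matches = example_find_by_title( '50%_off' );
```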