I cannot use %s in my prepared statement.
echo $get_where; // returns: edited = 1
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE %s", $get_where)
);
This code returns an empty array. But when I use $get_where instead of %s (see code below), then it returns all the results from the database.
// This works
echo $get_where; // returns: edited = 1
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE edited = 1", $get_where)
);
Why wouldn't it work with %s?
While WordPress uses the sprintf() syntax, it actually works like prepared statements. As such you can only pass the value of the column you are querying against, not entire column(s) and values.
$get_uncontacted_members = $wpdb->get_results(
$wpdb->prepare("SELECT * FROM yc_customers WHERE IFNULL(edited,'') = %s", 1)
);
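An added example, not part of the original answer, of the point above: with `WHERE %s`, prepare() quotes the whole argument, so MySQL receives `WHERE 'edited = 1'`, a string literal that evaluates as false. The sketch below keeps column names in a fixed allow-list and binds only the values; the function name and the `contacted` and `email` columns are assumptions, and it expects to run inside WordPress.

```php
<?php
// Added example, not from the original thread. Assumes WordPress is loaded
// (e.g. run via `wp eval-file`) and that yc_customers has the columns below.

/**
 * Build a WHERE clause from caller-supplied filters.
 * Column names come from a fixed allow-list; only values reach prepare().
 */
function yc_find_customers( array $filters ) {
    global $wpdb;

    // Hypothetical allow-list: column name => placeholder type.
    $allowed = array(
        'edited'    => '%d',
        'contacted' => '%d',
        'email'     => '%s',
    );

    $clauses = array();
    $values  = array();
    foreach ( $filters as $column => $value ) {
        if ( ! isset( $allowed[ $column ] ) ) {
            continue; // Unknown column: never interpolate it into SQL.
        }
        $clauses[] = "`$column` = " . $allowed[ $column ];
        $values[]  = $value;
    }

    if ( empty( $clauses ) ) {
        return array(); // Nothing to filter on; do not call prepare() without placeholders.
    }

    $sql = 'SELECT * FROM yc_customers WHERE ' . implode( ' AND ', $clauses );

    // prepare() accepts the values as a single array.
    return $wpdb->get_results( $wpdb->prepare( $sql, $values ) );
}

// "edited = 1" expressed as data rather than as a SQL fragment.
$uncontacted = yc_find_customers( array( 'edited' => 1 ) );
```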
Related
I have this query in my WordPress plugin. I need to check the database to get a value and compare it, but the SQL does not seem to return any result.
global $wpdb;
$table = $wpdb->prefix . 'order_codes';
$sql = $wpdb->prepare("SELECT * FROM $table WHERE order_code = '$order_code'");
$order_signature = $wpdb->get_results($sql, ARRAY_A);
I've done a var_dump($order_signature); but the resulting array will be always empty.
Is there something wrong in the statement?
The issue is with the use of the $order_code variable in the query. The $wpdb->prepare() method is used to prevent SQL injection by properly escaping input variables, but it seems that in this case, the variable is not being passed correctly.
Try this; I hope it will solve the problem:
global $wpdb;
$table = $wpdb->prefix . 'order_codes';
$order_code = 'your_order_code_value';
$sql = $wpdb->prepare("SELECT * FROM $table WHERE order_code = %s", $order_code);
$order_signature = $wpdb->get_results($sql, ARRAY_A);
By passing the variable correctly to the $wpdb->prepare() method, the query should return the expected results.
Why is the returned result null? What is wrong? If I run this query directly in phpMyAdmin, the result is correct.
<?php $postid = get_the_ID(); ?>
<?php
$get_thumb = $wpdb->get_var
( "SELECT meta_value FROM `wp_postmeta` WHERE `post_id` = $postid AND `meta_key` = '_wp_attached_file'" );
echo "<p>Thumb URL: {$get_thumb}</p>";
?>
I'd suggest using the $wpdb->prepare() statement to ensure the SQL query is generated correctly and the $get_thumb variable is correctly set in the query.
$postid = get_the_ID();
$get_thumb = $wpdb->get_var($wpdb->prepare(
"SELECT meta_value FROM `wp_postmeta` WHERE `post_id` = %s AND `meta_key` = '_wp_attached_file'",$postid));
echo "<p>Thumb URL: {$get_thumb}</p>";
Again you can always log the SQL string generated by prepare() to ensure it matches your expectations. See https://codex.wordpress.org/Class_Reference/wpdb#Examples for more examples.
I think your syntax has some trouble, so here's your original query revised.
<?php
$get_thumb = $wpdb->get_var(
"
SELECT meta_value
FROM wp_postmeta
WHERE post_id = " . $postid . " AND meta_key = '_wp_attached_file'
"
);
echo "<p>Thumb URL: {$get_thumb}</p>";
?>
I made sure the PHP is echoing correctly inside the query - I am not sure if that's a problem you were having.
I do recommend the prepared query too. Here it is with what I think is correct syntax (I found it was helpful to prepare items by putting them in a $query_arg_array). See https://codex.wordpress.org/Class_Reference/wpdb.
$postid = get_the_ID();
$query_arg_array = [$postid];
$get_thumb = $wpdb->get_var($wpdb->prepare(
"
SELECT meta_value
FROM wp_postmeta
WHERE post_id = %d AND meta_key = '_wp_attached_file'
",
$query_arg_array
));
echo "<p>Thumb URL: {$get_thumb}</p>";
If that prepared query didn't work, try putting $postid directly as argument instead of the $query_arg_array.
Remember SQL is super sensitive so even an extra space can throw off your query.
Working traditional query:
$form_id = Caldera_Forms::get_field_data( '_entry_id', $form );
$post_id_qry = mysql_query("SELECT `meta_value` FROM wp_cf_form_entry_meta WHERE entry_id = '$form_id' and meta_key = 'ID'");
$post_id = mysql_fetch_array($post_id_qry);
echo $post_id['meta_value'];
Now when I convert over to sprintf() to make it more secure, it returns blank. I have tried a syntax check and it came back clean. Any ideas?
$form_id = Caldera_Forms::get_field_data( '_entry_id', $form );
global $wpdb;
$post_id_qry = sprintf("SELECT `meta_value` FROM %s WHERE entry_id = %d and meta_key = 'ID'", $wpdb->prefix . 'cf_form_entry_meta', $form_id );
$post_id = $wpdb->get_results($post_id_qry);
echo $post_id['meta_value'];
$wpdb->get_results() returns an array of all the results of the query, not just a single row. And by default the rows are objects, not associative arrays. So you need to do:
echo $post_id[0]->meta_value;
to display the value.
If you want to get a single row as an associative array, use:
$post_id = $wpdb->get_row($post_id_qry, ARRAY_A);
echo $post_id['meta_value'];
Note that WP doesn't have anything analogous to mysql_fetch_array. The options to get_row are ARRAY_A, which is like mysql_fetch_assoc, and ARRAY_N, which is like mysql_fetch_row.
I'm working on a WordPress plugin to search through all the users by first name, last name, email etc. It is working as long as I only use 1 of the values like first name.
I need to add all the values to the select!
I already tried adding more by using ',' and OR statements but it isn't working.
$results = $wpdb->prepare("SELECT * FROM users WHERE first_name LIKE %s", "%".$_POST['search']."%");
EDIT: found it
Found it!
$results = $wpdb->prepare("SELECT * FROM users WHERE lower(first_name) LIKE lower (%s) OR lower(last_name) LIKE lower(%s) LIKE lower(%s)OR lower(postcode) LIKE lower(%s)", "%".$_POST['search']."%", "%".$_POST['search']."%");
To get a literal % to pass through $wpdb->prepare just double it. You don't need to be avoiding $wpdb->prepare.
Proof of concept:
var_dump($wpdb->prepare('SELECT * FROM {$wpdb->posts} WHERE post_title LIKE "%%%s%%"','Hello'));
So your query should be :
$results = $wpdb->prepare("SELECT * FROM users WHERE first_name LIKE %%%s%%",$_POST['search']);
Update
Use this for imploding OR :
$var[] = 'name LIKE "%%%s%%"';
$var_data[] = 'Hello';
$var[] = 'email LIKE "%%%s%%"';
$var_data[] = 'tt#tt.tt';
$var[] = 'date LIKE "%%%s%%"';
$var_data[] = 'Howdy';
var_dump($wpdb->prepare('SELECT * FROM users WHERE '.implode(' OR ',$var),$var_data));
Are you treating the object properly? This would iterate over the values retrieved
while($row = $results->fetch_assoc()){
echo $row['username'] . '<br />';
}
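An added example, not from any of the posts above, of the multi-column search using `$wpdb->esc_like()` with the wildcards placed in the bound argument, which is how the current WordPress documentation for `wpdb::prepare()` describes LIKE queries. The function name is hypothetical, the `users` table and its `first_name`, `last_name` and `postcode` columns are taken from the question, and it expects to run inside WordPress.

```php
<?php
// Added example, not from the original thread. Assumes WordPress is loaded and
// that the asker's `users` table has first_name, last_name and postcode columns.

function yc_search_users( $term ) {
    global $wpdb;

    $term = trim( (string) $term );
    if ( '' === $term ) {
        return array();
    }

    // esc_like() escapes %, _ and \ so they match literally; the wildcards
    // go around the escaped term and the whole string is bound to %s.
    $like = '%' . $wpdb->esc_like( $term ) . '%';

    $columns = array( 'first_name', 'last_name', 'postcode' ); // Fixed list, never user input.
    $clauses = array();
    $values  = array();
    foreach ( $columns as $column ) {
        $clauses[] = "`$column` LIKE %s"; // Unquoted placeholder; prepare() adds the quotes.
        $values[]  = $like;
    }

    $sql = 'SELECT * FROM users WHERE ' . implode( ' OR ', $clauses );

    // prepare() only returns the SQL string; get_results() executes it.
    return $wpdb->get_results( $wpdb->prepare( $sql, $values ), ARRAY_A );
}

// Request data arrives slashed in WordPress; unslash it before binding.
$rows = isset( $_POST['search'] )
    ? yc_search_users( wp_unslash( $_POST['search'] ) )
    : array();

foreach ( $rows as $row ) {
    // Escape on output as well: stored names are untrusted when rendered as HTML.
    echo esc_html( $row['first_name'] . ' ' . $row['last_name'] ) . '<br />';
}
```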
I am trying to retrieve the number of rows based on this query in WordPress:
protected function wp_has_facility($fid)
{
//global $wpdb;
$fid = intval($fid);
$sql = "SELECT post_id FROM wprf_postmeta WHERE meta_value = '".$fid."' AND meta_key = 'facility_id'";
$result = mysql_query($sql) or die(mysql_error());
$num_rows = mysql_num_rows($result);
echo $num_rows;
return $num_rows;
}
$num_rows returns 0 when this function is run.
If I echo the query string and run it in phpmyadmin, it selects successfully giving me a number of rows.
After further investigation it looks like when I hardcode the meta_value it will give me a row count. But if I'm populating the string with variables it doesn't work.
Any ideas?
This only means your table currently contains no record that satisfies both criteria.
Remarks about your code:
Concatenation is not necessary, you may replace the query with:
$sql = "SELECT post_id FROM wprf_postmeta WHERE meta_value = '$fid' AND meta_key = 'facility_id'";
mysql_* functions are deprecated, you should avoid using them as they will be removed in a future version of PHP. Here are the alternatives.