WordPress.org

Resolved Craig Francis
(@craigfrancis)

1 year, 9 months ago
Hi,

At the moment your plugin has 11 cases where you use “%%%s”, e.g.
```
class-wpsc-dictionary.php
$wpdb->prepare('SELECT id, word FROM ' . $table_name . ' WHERE word LIKE "%%%s%%"', $search)
```
While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.
```
$wpdb->prepare('SELECT id, word FROM ' . $table_name . ' WHERE word LIKE %s', '%' . $wpdb->esc_like( $search ) . '%')
```
It’s undocumented because the “%%” should only provide a single literal percentage sign, and not cause the following “%s” to be unquoted.

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author WP Spell Check
(@wpspellcheck)

1 year, 8 months ago

Hi @craigfrancis, Thanks for reporting this. They were fixed on our last release.

Thanks

Thread Starter Craig Francis
(@craigfrancis)

1 year, 8 months ago

Thank you for making the update, I really appreciate it.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Craig Francis
Last activity: 1 year, 8 months ago
Status: resolved