WordPress.org

Resolved Craig Francis
(@craigfrancis)

1 year, 9 months ago
Hi,

At the moment your plugin uses 1 instance of "%%%s%%", i.e.
```
$wpdb->prepare( '[…] LIKE "%%%s%%"', $keyword );
```
While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.
```
$search_like = '%' . $wpdb->esc_like( $keyword ) . '%';

$wpdb->prepare( '[…] LIKE %s', $search_like );
```
It’s undocumented because the "%%" should only provide a single literal percentage sign, and not cause the following "%s" to be unquoted.
- This topic was modified 1 year, 9 months ago by Craig Francis.
- This topic was modified 1 year, 9 months ago by Craig Francis.
- This topic was modified 1 year, 9 months ago by Craig Francis.

The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.

In: Plugins
0 replies
1 participant
Last reply from: Craig Francis
Last activity: 1 year, 9 months ago
Status: resolved