Use of LIKE ‘%%%s%%’ | WordPress.org

Craig Francis
(@craigfrancis)

1 year, 2 months ago
Hi,

At the moment your plugin uses 2 instances of "%%%s%%", e.g.
```
$wpdb->prepare(' […] WHERE CONCAT(domain, path) LIKE "%%%s%%" […] ', $search
```
While this is fine at the moment, it is an undocumented “feature” that should be removed in the future.

The wpdb::prepare() documentation notes that percentage wildcards cannot be inserted directly into the SQL, and instead the complete LIKE string should be provided via the arguments, e.g.
```
$search_like = '%' . $wpdb->esc_like( $search ) . '%';

$wpdb->prepare(' […] WHERE CONCAT(domain, path) LIKE %s […] ', $search_like )
```
It’s undocumented because the "%%" should only provide a single literal percentage sign, and not cause the following "%s" to be unquoted.

The topic ‘Use of LIKE ‘%%%s%%’’ is closed to new replies.

In: Plugins
0 replies
1 participant
Last reply from: Craig Francis
Last activity: 1 year, 2 months ago
Status: not resolved