sql – wpdb prepare without placeholder

Question

Recently, I found out why there are a lot of PHP Notices in my debug.log. It is because wpdb::prepare needs placeholders. The documentation says that I need to do:

$wpdb->get_results( $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s", array( 'foo', 1337, '%bar' ) ) );

But I use:

$wpdb->get_results( $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = " . $foo . " AND `field` = " . $intvalue . " OR `other_field` LIKE " . $bar ) );

I use this since I find it easier to read. If I use the 2nd option, can I skip $wpdb->prepare? Or should I change my query to the 1st option, since this is what is in the documentation?

Mr. Kenneth 4 months 2022-04-12T21:45:20-05:00 0 Answers 0 views 0
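
The two forms from the question side by side, as an added example that is not part of the original post: it assumes the code runs inside WordPress (for instance in a plugin), where the global $wpdb object exists, and the function name example_find_rows is hypothetical.

```php
<?php
// Added example. Assumes a WordPress context where the global $wpdb exists.
// example_find_rows() is a hypothetical name; `table`, `column`, `field` and
// `other_field` are the placeholder names used in the question.

function example_find_rows( $foo, $intvalue, $bar ) {
	global $wpdb;

	// Concatenated form from the question (left commented out): the values
	// become part of the SQL text itself. With no placeholder in the string,
	// prepare() has nothing to escape, so the notice is logged and the values
	// reach the database exactly as they were supplied.
	//
	// $sql = $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = " . $foo . " ..." );

	// Placeholder form: the SQL text is a constant and the values are passed
	// separately. prepare() quotes and escapes %s values and casts %d values
	// to integers before building the final statement.
	$sql = $wpdb->prepare(
		"SELECT *
		   FROM `table`
		  WHERE `column` = %s
		    AND `field` = %d
		     OR `other_field` LIKE %s",
		$foo,
		$intvalue,
		// esc_like() escapes % and _ inside the supplied value, so only the
		// leading % added here acts as a wildcard.
		'%' . $wpdb->esc_like( $bar )
	);

	return $wpdb->get_results( $sql );
}

// Constructed sample call: a value containing a quote, such as "O'Reilly",
// is matched as data instead of ending the string literal in the query.
// $rows = example_find_rows( "O'Reilly", 1337, 'bar' );
```

Splitting the statement across lines inside prepare() keeps the query as readable as the concatenated version while the values stay out of the SQL text.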
