Changeset 41632
- Timestamp: 09/28/2017 11:44:30 AM (7 years ago)
- File: 1 edited
trunk/src/wp-includes/wp-db.php
r41629 r41632 1195 1195 * Prepares a SQL query for safe execution. Uses sprintf()-like syntax. 1196 1196 * 1197 * The following directives can be used in the query formatstring:1197 * The following placeholders can be used in the query string: 1198 1198 * %d (integer) 1199 1199 * %f (float) 1200 1200 * %s (string) 1201 * %% (literal percentage sign - no argument needed)1202 * 1203 * All of %d, %f, and %s are to be left unquoted in the query string and they need an argument passed for them.1204 * Literal s (%) as parts of the query must be properly written as %%.1205 * 1206 * This function only supports a small subset of the sprintf syntax; it only supports %d (integer), %f (float), and %s (string).1207 * Does notsupport sign, padding, alignment, width or precision specifiers.1208 * Does not support argument numbering/swapping.1209 * 1210 * May be called like {@link https://secure.php.net/sprintf sprintf()} or like {@link https://secure.php.net/vsprintf vsprintf()}.1211 * 1212 * Both %d and %s should be left unquoted in the query string.1213 * 1214 * $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d ", 'foo', 1337);1201 * 1202 * All placeholders MUST be left unquoted in the query string. A corresponding argument MUST be passed for each placeholder. 1203 * 1204 * Literal percentage signs (%) in the query string must be written as %%. Percentage wildcards (for example, to use in LIKE syntax) 1205 * must be passed in the string argument, it cannot be inserted in the query string. 1206 * 1207 * This method DOES NOT support sign, padding, alignment, width or precision specifiers. 1208 * This method DOES NOT support argument numbering or swapping. 1209 * 1210 * Arguments may be passed as individual arguments to the method, or as a single array containing all arguments. A combination 1211 * of the two is not supported. 
1212 * 1213 * Examples: 1214 * $wpdb->prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s", array( 'foo', 1337, '%bar' ) ); 1215 1215 * $wpdb->prepare( "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s", 'foo' ); 1216 1216 * … … 1219 1219 * 1220 1220 * @param string $query Query statement with sprintf()-like placeholders 1221 * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called like 1222 * {@link https://secure.php.net/vsprintf vsprintf()}, or the first variable to substitute into the query's placeholders if 1223 * being called like {@link https://secure.php.net/sprintf sprintf()}. 1224 * @param mixed $args,... further variables to substitute into the query's placeholders if being called like 1225 * {@link https://secure.php.net/sprintf sprintf()}. 1221 * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called with an array of arguments, 1222 * or the first variable to substitute into the query's placeholders if being called with individual arguments. 1223 * @param mixed $args,... further variables to substitute into the query's placeholders if being called wih individual arguments. 1226 1224 * @return string|void Sanitized query string, if there is a query to prepare. 1227 1225 */
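Review bot: The sentence added at new lines 1204-1205 of the first hunk is a comma splice with a number mismatch ("Percentage wildcards ... must be passed in the string argument, it cannot be inserted in the query string"). Suggest "must be passed in the string argument and cannot be inserted directly in the query string". The sentence is the only guidance on LIKE, so it is worth getting unambiguous. In the same hunk, the new example at line 1214 chains "`column` = %s AND `field` = %d OR `other_field` LIKE %s" without parentheses. Docblock examples get copied verbatim, so grouping the AND/OR terms explicitly would avoid readers inheriting a precedence surprise. The example also now shows only the array form for the first call, while line 1215 shows the individual-argument form. A short label on each ("array of arguments", "individual arguments") would tie them to the paragraph at 1210-1211.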
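Review bot: Typo in the second hunk at new line 1223: "if being called wih individual arguments" should read "with individual arguments". While touching these @param lines, "further variables" could be capitalized to match the "The array of variables" description above it. The note from new lines 1210-1211 that combining an array with individual arguments is not supported could also be repeated here, since this is the text most callers will read in generated documentation.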