#24581 closed defect (bug) (duplicate)
Database IN() operators + array are broken
Reported by: | Ninos Ego | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.9 |
Component: | Database | Keywords: | close |
Focuses: | Cc: |
Description
I found the ticket #11100 after I searched for a solution with escaping in IN operators. I think the solution in [12156] is very nice. But if you have nothing in your array, you get a database error. So here's my solution :)
$in = count($postmetaids) ? implode( ',', array_fill(1, count($postmetaids), '%d')) : 'NULL'; $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN($in)", $postmetaids ));
This codesnippet is for #11100 and should work like a charm. But I think there are another places with the solution like in [12156]...
PS: Maybe it would be also nice to include a solution for arrays in the $wpdb->prepare() function like %as (string array), %ad (decimal array) %af (float array)
Thanks
Change History (4)
#3
@
11 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #18196.
#4
in reply to:
↑ 2
@
11 years ago
Replying to pento:
As for passing an array to
$wpdb->prepare()
, this behaviour isn't supported by regular prepare functions, so I don't think it'd be a good fit.
But it would solve a lot of time passing an array through the prepare-function. The core, plugins and themes would be also more secure and a little bit lighter. If you want I can pull a patch.
PS: is it maybe better to create for that a new ticket?
Thanks for the report, Ninos!
This was fixed in [18500], when
delete_post_meta_by_key()
changed over to usingdelete_metadata()
.As for passing an array to
$wpdb->prepare()
, this behaviour isn't supported by regular prepare functions, so I don't think it'd be a good fit.