Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#41926 closed defect (bug) (duplicate)

wpdb->prepare() method inhibits argument numbering

Reported by: ruud@… (ruudjoyo)
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.8.2
Component: Query
Keywords:
Focuses:
Cc:

Description

Since 4.8.2 an additional line was added to escape any unescaped percents:

$query = preg_replace( '/%(?:%|$|([^dsF]))/', '%%\\1', $query ); // escape any unescaped percents 

This, however, prohibits the use of numbered arguments, as in this query from the Yoast SEO plugin:

$query = $wpdb->prepare( 'SELECT COUNT( id ) AS incoming, target_post_id AS post_id
			  FROM %2$s
			 WHERE target_post_id IN( %3$s )
		  GROUP BY target_post_id',
			$this->get_table_name(),
			$storage->get_table_name(),
			implode( ', ', $post_ids )
		);

Change History (4)

#1 @ocean90
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Yoast SEO is actually doing it wrong since numbered arguments are not supported by wpdb::prepare(). There's a pending PR to fix this.

Closing as a duplicate of #41925, which requests to add support for numbered arguments.
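
The behaviour discussed in the description and in the reply above, replayed outside WordPress as an added example (not code from the ticket, WordPress core or Yoast SEO). It applies the regex line quoted in the description and then PHP's vsprintf(), which wpdb::prepare() uses for formatting. The helper names, table names and post IDs are hypothetical or constructed, and the unnumbered rewrite at the end is an assumed alternative, not the pending PR.

```php
<?php
// Added illustration, not WordPress or Yoast SEO code. Runs without WordPress or a database.

// The percent-escaping line quoted in the ticket, wrapped in a hypothetical helper.
function escape_unescaped_percents( string $query ): string {
	return preg_replace( '/%(?:%|$|([^dsF]))/', '%%\\1', $query );
}

// Hypothetical lint check: list numbered placeholders such as %2$s in a query template.
function find_numbered_placeholders( string $query ): array {
	preg_match_all( '/%\d+\$[dsF]/', $query, $matches );
	return $matches[0];
}

// Escape the template as the quoted line does, then format it with vsprintf().
function replay( string $template, array $args ): array {
	$escaped = escape_unescaped_percents( $template );
	return array(
		'numbered' => find_numbered_placeholders( $template ),
		'escaped'  => $escaped,
		'rendered' => vsprintf( $escaped, $args ),
	);
}

// Constructed sample data standing in for the plugin's table names and post IDs.
$post_ids = array( 3, 7, 12 );

// Shape of the query from the ticket: %2$s turns into %%2$s, which vsprintf()
// emits as the literal text %2$s, so no argument is ever substituted.
$numbered = 'SELECT COUNT( id ) FROM %2$s WHERE target_post_id IN( %3$s )';
print_r( replay( $numbered, array( 'wp_a', 'wp_b', implode( ', ', $post_ids ) ) ) );

// Assumed rewrite with unnumbered placeholders only: one %d per ID. The table
// name (constructed) is concatenated here and must come from trusted code.
$in         = implode( ', ', array_fill( 0, count( $post_ids ), '%d' ) );
$positional = 'SELECT COUNT( id ) FROM wp_b WHERE target_post_id IN( ' . $in . ' )';
print_r( replay( $positional, $post_ids ) );
```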

#2 @ruud@…
7 years ago

Thanks Dominik for the feedback.

This ticket was mentioned in Slack in #forums by clorith. View the logs.


7 years ago

#4 @ocean90
7 years ago

#41929 was marked as a duplicate.
