#42494 closed defect (bug) (wontfix)
$wpdb->prepare placeholder count check is invalid for numbered placeholders
| Reported by: | dominicp | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 4.8.3 |
| Component: | Database | Keywords: | |
| Focuses: | | Cc: | |
Description
This is a follow-up to #41925. Apologies if this has already been brought up or if I missed something obvious.
There seems to be a bug in the logic for the extra checks to make sure the correct number of arguments is passed to $wpdb->prepare when using numbered placeholders.
One of the reasons to use them is to reference the same parameter multiple times. So your code can look like this:
```php
$wpdb->prepare( 'SELECT * FROM wpdb_posts WHERE post_title LIKE "%1$s" OR post_content LIKE "%1$s"', array( 'fluffy' ) );
```
This perfectly valid construction will throw a deprecation error in 4.8.3 due to this code added in [42068].
Change History (2)
This is correct. While this usage technically works, it should be considered invalid going forward. Particularly as we explore moving to proper prepared queries (#42352), placeholders will need to be bound to individual values, rather than repeated values. (Naturally, the existing system will continue to work, but will eventually be deprecated.)
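One way to get from the reported query to one bound value per placeholder, as an added example (not code from the ticket or from WordPress): a hypothetical helper, `expand_numbered_placeholders()`, rewrites numbered placeholders as unnumbered ones and repeats the arguments to match. It assumes a zero-indexed argument list and only the `%d`, `%f` and `%s` placeholder types.

```php
<?php
/**
 * Hypothetical helper, not part of WordPress: rewrite a query that uses
 * numbered placeholders (%1$s, %2$d, ...) so that every placeholder is
 * unnumbered and has its own entry in the argument list.
 *
 * @return array{0:string,1:array} Rewritten query and expanded arguments.
 */
function expand_numbered_placeholders( string $query, array $args ): array {
    $expanded = array();

    // Match a literal "%%" first so it is never mistaken for a placeholder,
    // then a numbered placeholder with an optional matching pair of quotes.
    $pattern = '/%%|(["\']?)%(\d+)\$([dfs])\1/';

    $rewritten = preg_replace_callback(
        $pattern,
        function ( array $m ) use ( $args, &$expanded ) {
            if ( '%%' === $m[0] ) {
                return $m[0]; // Literal percent sign, left untouched.
            }
            $index = (int) $m[2] - 1; // Numbered placeholders are 1-based.
            if ( ! array_key_exists( $index, $args ) ) {
                throw new InvalidArgumentException( "No argument for {$m[0]}" );
            }
            // Repeat the value once per occurrence of its placeholder.
            $expanded[] = $args[ $index ];
            // prepare() quotes an unnumbered %s itself, so the quotes go.
            return '%' . $m[3];
        },
        $query
    );

    return array( $rewritten, $expanded );
}

// Constructed input, modelled on the query in the ticket description.
list( $query, $args ) = expand_numbered_placeholders(
    'SELECT * FROM wpdb_posts WHERE post_title LIKE "%1$s" OR post_content LIKE "%1$s"',
    array( 'fluffy' )
);

echo $query, PHP_EOL;
echo count( $args ), ' arguments: ', implode( ', ', $args ), PHP_EOL;
// With WordPress loaded, the pair is passed on as $wpdb->prepare( $query, $args ).
```

The rewritten query has as many placeholders as arguments, which is the shape the argument-count check in 4.8.3 expects.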