[wp-hackers] wpdb->prepare with variables for table and keys

Olivier autremonde75 at gmail.com
Wed May 5 16:46:53 UTC 2010


Thanks for your prompt answer Otto, pretty clear!

Olivier

On May 5, 3:48 pm, Otto <o... at ottodestruct.com> wrote:
> A prepare like that handles the quoting for you. So your table and
> field names get quoted, which naturally won't work.
>
> In short, yes, the %s %d stuff should only be used for values. That
> is, the right hand side of the = bits.
>
> -Otto
>
> On Wed, May 5, 2010 at 8:42 AM, Olivier <autremond... at gmail.com> wrote:
> > Hello,
>
> > I am trying to perform a query like this :
> > $count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM %s WHERE
> > %s = %s",$table,$idkey,$idvalue));
>
> > But it doesn't work, I have to end up doing this to have it work which
> > means that $type and $idfield won't be escaped before performing the
> > query and thus have to be verified before :
> > $count = $wpdb->get_var($wpdb->prepare("SELECT COUNT(*) FROM $type
> > WHERE $idfield = %s",$idvalue));
>
> > So my question is "simple": is the %s, %d, %% syntax to be used only
> > for the values in the WHERE statements?
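
An added example (not code from the thread or from WordPress) of the approach the exchange arrives at: table and column names are matched against an allowlist before being interpolated, and only the value goes through a `prepare()` placeholder. The `COUNTABLE` map, its table and column names, and the functions `count_query_template()` and `count_rows()` are hypothetical.

```php
<?php
// Added example. Hypothetical allowlist: logical table name => columns
// that callers may filter on. Nothing outside this map reaches the SQL.
const COUNTABLE = [
    'events'   => ['id', 'venue_id'],
    'bookings' => ['id', 'event_id', 'user_id'],
];

// Build the query template. Identifiers are interpolated only after an exact
// match against the allowlist; the value stays a %s placeholder for prepare().
function count_query_template(string $prefix, string $table, string $column): string
{
    if (!array_key_exists($table, COUNTABLE)
        || !in_array($column, COUNTABLE[$table], true)) {
        throw new InvalidArgumentException('Table or column is not allowlisted');
    }
    // $prefix is expected to be $wpdb->prefix (site configuration, not request data).
    return sprintf('SELECT COUNT(*) FROM `%s%s` WHERE `%s` = %%s', $prefix, $table, $column);
}

// Inside WordPress: pass the global $wpdb. Only $value goes through prepare().
function count_rows($wpdb, string $table, string $column, $value): int
{
    $sql = count_query_template($wpdb->prefix, $table, $column);
    return (int) $wpdb->get_var($wpdb->prepare($sql, $value));
}

// Stand-alone check of the template logic when run from the CLI without WordPress.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    echo count_query_template('wp_', 'bookings', 'event_id'), PHP_EOL;
    try {
        count_query_template('wp_', 'bookings', 'no_such_column'); // constructed input
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the identifiers are compared for exact equality with entries in the map, no escaping of table or column names is needed; anything not listed is rejected before a query string exists.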

