wpdb::prepare( string $query, mixed $args )
Prepares a SQL query for safe execution.
Description
Uses sprintf()-like syntax. The following placeholders can be used in the query string:
- %d (integer)
- %f (float)
- %s (string)
- %i (identifier, e.g. table/field names)
All placeholders MUST be left unquoted in the query string. A corresponding argument MUST be passed for each placeholder.
Note: There is one exception to the above: for compatibility with old behavior, numbered or formatted string placeholders (e.g. %1$s, %5s) will not have quotes added by this function, so should be passed with appropriate quotes around them.
Literal percentage signs (%) in the query string must be written as %%. Percentage wildcards (for example, to use in LIKE syntax) must be passed via a substitution argument containing the complete LIKE string; they cannot be inserted directly in the query string.
Also see wpdb::esc_like().
Arguments may be passed as individual arguments to the method, or as a single array containing all arguments. A combination of the two is not supported.
Examples:
$wpdb->prepare(
    "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s",
    array( 'foo', 1337, '%bar' )
);

$wpdb->prepare(
    "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s",
    'foo'
);
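The rules above combined in one query, as an added example that is not part of the WordPress documentation or core source: user input goes through wpdb::esc_like() before the wildcards are attached, the column name is bound with %i only where has_cap() reports support, and every placeholder is left unquoted. It assumes the code runs inside WordPress, where the global $wpdb exists; example_search_posts() and its allow-list are hypothetical names.

```php
<?php
// Added example. Assumes a loaded WordPress environment (e.g. plugin code).
// example_search_posts() and $allowed_columns are hypothetical names.

function example_search_posts( $column, $term, $limit = 20 ) {
	global $wpdb;

	// Identifiers cannot be bound as values, so restrict them to a fixed
	// allow-list whether or not %i is available.
	$allowed_columns = array( 'post_title', 'post_excerpt', 'post_content' );
	if ( ! in_array( $column, $allowed_columns, true ) ) {
		return array();
	}

	// Escape LIKE metacharacters (% and _) in the user's term first, then add
	// the wildcards we actually want. The complete LIKE string is an argument;
	// no bare % appears in the query string itself.
	$like = '%' . $wpdb->esc_like( $term ) . '%';

	if ( $wpdb->has_cap( 'identifier_placeholders' ) ) {
		// WordPress 6.2.0+: %i quotes the identifier. Placeholders stay unquoted.
		$sql = $wpdb->prepare(
			"SELECT ID, post_title FROM {$wpdb->posts} WHERE %i LIKE %s AND post_status = %s LIMIT %d",
			$column,
			$like,
			'publish',
			$limit
		);
	} else {
		// Older versions: the allow-listed column name is interpolated,
		// while all values are still bound through placeholders.
		$sql = $wpdb->prepare(
			"SELECT ID, post_title FROM {$wpdb->posts} WHERE `{$column}` LIKE %s AND post_status = %s LIMIT %d",
			$like,
			'publish',
			$limit
		);
	}

	return $wpdb->get_results( $sql );
}
```

With a constructed search term such as `50%_off`, esc_like() turns the `%` and `_` into literal characters, so only the two outer wildcards act as wildcards.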
Parameters
- $query (Required) Query statement with sprintf()-like placeholders.
- $args (Required) Further variables to substitute into the query's placeholders if being called with individual arguments.
Return
(string|void) Sanitized query string, if there is a query to prepare.
Source
File: wp-includes/class-wpdb.php
Changelog
Version | Description |
---|---|
6.2.0 | Added %i for identifiers, e.g. table or field names.<br> Check support via wpdb::has_cap( 'identifier_placeholders' ).<br> This preserves compatibility with sprintf(), as the C version uses %d and %i as a signed integer, whereas PHP only supports %d. |
5.3.0 | Formalized the existing and already documented ...$args parameter by updating the function signature. The second parameter was changed from $args to ...$args. |
2.3.0 | Introduced. |