Results are empty with $wpdb->prepare statement

I am working in WordPress and my $wpdb select query works without prepare, but when I use the proper escaping and use $wpdb->prepare, results never show up; results show when I don't use %s and prepare. What am I missing? Thanks. No error shows up in the inspect screen with prepare, and results also don't show. Please guide me on what approach to use to protect against SQL injection then.

This works

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = '$category' && 1user.competition = '$comp' ORDER BY 1user.uid DESC";

This does not work

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = %s && 1user.competition = %s ORDER BY 1user.uid DESC";
$results = $wpdb->get_results($wpdb->prepare($sql),$category,$comp) or die(mysql_error());

-------------Problems Reply------------

You added the parentheses in the wrong place; it needs to be after your variables.

$results = $wpdb->get_results($wpdb->prepare($sql,$category,$comp)) or die($wpdb->print_error());
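
The corrected call in context, as an added example that is not part of the original question or answer: the values are passed to prepare(), and a database failure is told apart from an empty result. It assumes it runs inside WordPress; the function name get_competition_entries() and the request parameter names are hypothetical.

```php
<?php
// Added example: runs inside WordPress, where the global $wpdb is loaded.
// Table and column names come from the question; the function name is hypothetical.
function get_competition_entries( $category, $comp ) {
    global $wpdb;

    // %s placeholders stay unquoted: prepare() quotes and escapes each value.
    $sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path,
                   1user.category, SUM(votes.votes) AS votessum,
                   describebaby, current
            FROM 1user
            LEFT JOIN votes ON 1user.uid = votes.uid
            GROUP BY 1user.uid, 1user.username, 1user.competition,
                     1user.path, 1user.category
            HAVING 1user.category = %s AND 1user.competition = %s
            ORDER BY 1user.uid DESC";

    // The values belong to prepare(), after the SQL string. The second
    // parameter of get_results() is the output type, not a query value.
    $query   = $wpdb->prepare( $sql, $category, $comp );
    $results = $wpdb->get_results( $query );

    // No matching rows yields an empty array, which is falsy, so "or die()"
    // would also fire on a valid empty result. Check for a real failure instead.
    if ( null === $results || '' !== $wpdb->last_error ) {
        error_log( 'get_competition_entries: ' . $wpdb->last_error );
        return new WP_Error( 'db_error', 'Could not load entries.' );
    }

    return $results;
}

// Usage with request input; the parameter names "category" and "comp" are assumed.
$entries = get_competition_entries(
    sanitize_text_field( wp_unslash( $_GET['category'] ?? '' ) ),
    sanitize_text_field( wp_unslash( $_GET['comp'] ?? '' ) )
);

if ( is_wp_error( $entries ) ) {
    echo esc_html( $entries->get_error_message() );
} else {
    foreach ( $entries as $row ) {
        // Escape on output as well; prepare() only protects the SQL statement.
        echo esc_html( $row->username ) . ': ' . (int) $row->votessum . '<br>';
    }
}
```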

Category:php Views:2 Time:2018-07-07
