在$ wpdb-> prepare中使用like语句,在其中显示通配符在哪里的哈希 [英] Using like statement with $wpdb->prepare showing hashes where wildcard characters are
问题描述
我正在尝试使用通配符构建准备好的语句,但是我遇到了一个问题,其中通配符字符的百分比似乎返回了通配符的散列值,我不确定为什么.有问题的代码是:
I'm trying to build a prepared statement with wildcards however I'm running into an issue where the percentage wildcard characters seem to be returning what seem to be hashes for the wildcards and I'm not sure why. The code in question is:
$condition = $wpdb->prefix."posts.post_title LIKE %%%s%%";
$query['conditions'][] = $wpdb->prepare($condition, $name);
结果是:
posts.post_title LIKE {d690dd63f5944b9bca120e110c22802f0ec841d8120d813dd4abc08cba4a59c0}BT{d690dd63f5944b9bca120e110c22802f0ec841d8120d813dd4abc08cba4a59c0}
只是想知道是否有人对导致这种情况的原因有任何想法.任何帮助将不胜感激.
Just wondered if anyone had any ideas on what could be causing this. Any help would be greatly appreciated.
谢谢
推荐答案
不用担心哈希,当您执行查询时,它们会在$ wpdb中被替换为%.
Don't worry about the hashes, they'll get replaced with % in $wpdb when you execute your query.
这些散列是WP v4.8.3引入的,用于解决SQL注入攻击.
These hashes were introduced with WP v4.8.3 as a fix for SQL injection attack.
它们是%字符的占位符.它可以防止他人使用%s,%d和%f以外的其他内容.如果除已批准的用途之外还有其他百分比,它将用哈希替换该百分比. $ wpdb执行查询时,该哈希将替换为%.
They're placeholders for the % character. It prevents someone from using something other than %s, %d, and %f. If there's a % other than those approved uses, it'll replace the % with a hash. That hash will get replaced back to % when $wpdb executes the query.
如果您想自己删除哈希,可以使用remove_placeholder_escape(),如下所示:
If you want to remove the hashes yourself, you can use remove_placeholder_escape(), like so:
$query['conditions'][] = $wpdb->remove_placeholder_escape($wpdb->prepare($condition, $name));
这篇关于在$ wpdb-> prepare中使用like语句,在其中显示通配符在哪里的哈希的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
