Use placeholders and $wpdb->prepare(); found $query | WordPress.org

comkapi
(@comkapi)

2 months, 2 weeks ago
Hello,
PCP give ERROR
WordPress.DB.PreparedSQL.NotPrepared : Use placeholders and $wpdb->prepare(); found $query
with this prepare:
```
$table    = $wpdb->prefix.'_visitors';
$query    = $wpdb->prepare("SELECT * FROM %i WHERE date=%s ORDER BY n DESC", $table, $custom_day);
$t4       = $wpdb->get_results($query);
```
what’s wrong?

Viewing 1 replies (of 1 total)

Plugin Author David Perez
(@davidperez)

2 months, 2 weeks ago
Hello,

The issue is that Plugin Check (PCP) requires prepared statements to be passed directly to the database method – it doesn’t recognize them when stored in a variable first.

The correct solution:

Pass the prepared statement directly to get_results():
```
$table = $wpdb->prefix . '_visitors';
$t4    = $wpdb->get_results(
    $wpdb->prepare(
        "SELECT * FROM %i WHERE date = %s ORDER BY n DESC",
        $table,
        $custom_day
    )
);
```
This is the only way PCP will accept it. You cannot:
- Store the query in a variable first
- Use ignore comments (PCP doesn’t allow them)
Additional notes:
- Make sure you’re using %i for identifiers (table/column names) – requires WordPress 6.2+
- Use %s, %d, or %f for values
- Column names like date and n are correctly hardcoded in your query
This pattern ensures PCP can verify your code is properly using prepared statements.

Regards
- This reply was modified 2 months, 2 weeks ago by David Perez.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

Tags

1 reply
2 participants
Last reply from: David Perez
Last activity: 2 months, 2 weeks ago
Status: not resolved