wordpress wpdp->getresults在sql字符串有“%f”时不执行我的sql

ryevplcw  于 2021-06-19  发布在  Mysql
关注(0)|答案(1)|浏览(320)

这是我执行查询时的代码。我显示了执行前的sql查询和执行后的sql查询。

public static function getProductByUser($user_id, $page, $containName, $sort, $filterOptions)
{
    global $wpdb;
    $limit = 40;
    $offset = ($page - 1) * $limit;
    $querySort = self::buildSortQuery($sort);
    $pidi_db = new DatabaseApi();
    $filterQuery = "";
    if ($filterOptions) {
        $filterQuery = self::buildFilterQuery($filterOptions);
    }
    $sql = "SELECT hp.*, CASE WHEN pf.product_id IS NULL THEN false ELSE true  END as favorite
    FROM {$pidi_db->{UserDomain::$table_name}} ud JOIN {$pidi_db->{self::$table_name}} hp ON ud.domain_name = hp.domain
    LEFT JOIN {$pidi_db->{HotProductFavorite::$table_name}} pf ON pf.product_id = hp.product_id 
    WHERE ud.user_id = %d AND hp.title LIKE %s" . $filterQuery . " GROUP BY hp.product_id " . $querySort . " LIMIT %d OFFSET %d ";

    $query = $wpdb->prepare($sql, $user_id, "%" . $containName . "%", $limit, $offset);

     print_r($sql);
     print_r("\n");

     $wpdb->get_results($query);
     print_r($wpdb->last_query);
     die;

}

当最后一个sql字符串返回这样的值时。查询已执行:

=== Sql after prepare ====
SELECT hp.*, CASE WHEN pf.product_id IS NULL THEN false ELSE true  END as favorite
    FROM wp_pidi_user_domain ud JOIN wp_pidi_hot_product_tracking hp ON ud.domain_name = hp.domain
    LEFT JOIN wp_pidi_hot_product_favorite pf ON pf.product_id = hp.product_id 
    WHERE ud.user_id = %d AND hp.title LIKE %s AND hp.domain LIKE '%asadas%' GROUP BY hp.product_id ORDER BY hp.published_at DESC LIMIT %d OFFSET %d 
 === SQL was executed ===
SELECT hp.*, CASE WHEN pf.product_id IS NULL THEN false ELSE true  END as favorite
    FROM wp_pidi_user_domain ud JOIN wp_pidi_hot_product_tracking hp ON ud.domain_name = hp.domain
    LEFT JOIN wp_pidi_hot_product_favorite pf ON pf.product_id = hp.product_id 
    WHERE ud.user_id = 1 AND hp.title LIKE '%%' AND hp.domain LIKE '%asadas%' GROUP BY hp.product_id ORDER BY hp.published_at DESC LIMIT 40 OFFSET 0

好像wpdp执行了我的查询。但当最终的sql字符串像这样返回时,wpdp并没有执行我的查询,也没有在日志文件中显示任何错误。我想为了防止注入函数拒绝了我的查询。

=== sql after prepare ===
SELECT hp.*, CASE WHEN pf.product_id IS NULL THEN false ELSE true  END as favorite
    FROM wp_pidi_user_domain ud JOIN wp_pidi_hot_product_tracking hp ON ud.domain_name = hp.domain
    LEFT JOIN wp_pidi_hot_product_favorite pf ON pf.product_id = hp.product_id 
    WHERE ud.user_id = %d AND hp.title LIKE %s AND hp.title LIKE '%fairy%' GROUP BY hp.product_id ORDER BY hp.published_at DESC LIMIT %d OFFSET %d 
=== lastest sql was executed ===
SELECT * FROM wp_pidi_filter_options WHERE `user_id`=1 AND `screen_id`=1

它是先前执行的sql,而不是prepare之后的sql。
有人能帮我吗?谢谢!

mysqlphpwordpressDatabase

1条答案

按热度按时间
vdgimpew

vdgimpew1#

我的解决方案:buildfilterquery()函数将始终返回这样的字符串,如果您有更好的解决方案,请改进我的答案!:

"AND hp.title LIKE '¥REGEX¥Fairy¥REGEX¥' "

准备好后: $query = $wpdb->prepare($sql,$arg); 替换regex占位符:

$newFilterQuery = str_replace(self::$REGEX, '%', $query);
   return $wpdb->get_results($newFilterQuery);
赞(0)分享  回复(0)举报  2021-06-19
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com