Query does not correctly check one field

vd8tlhqk  posted on 2021-06-19  in  Mysql

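I have a query that should check the entered order number, first name and postal number and check whether they match what is in the WordPress database, but no matter what postal number I enter, the query always passes. The code itself is as follows: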

// Taking the user input into variables
  $ordernumber = $_POST['ordernmbr'];
  $orderfirstname = $_POST['firstname'];
  $orderpostnumber = $_POST['postnmbr'];
  $page = $_POST['page'];
  // Sanitizing
  $ordernumber = stripslashes_deep($ordernumber);
  $orderfirstname = stripslashes_deep($orderfirstname);
  $orderpostnumber = stripslashes_deep($orderpostnumber);

  // Query that searches for order data from db
  $sql = $wpdb->prepare("SELECT post_id FROM wp_postmeta
  WHERE post_id = %d AND meta_key in ('_billing_first_name', '_billing_postcode')
  and meta_value in ('%s', '%d' )

  group by post_id", $ordernumber, $orderfirstname, $orderpostnumber);

  $res = $wpdb->get_results($sql, ARRAY_A);

What am I missing so that the postal number also needs to be correct?
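
Why any postal number passes, shown as an added example that is not part of the original post: wp_postmeta holds one key/value pair per row, so the two IN lists are satisfied by the first-name row alone and GROUP BY still returns the order. The sketch runs the same query shape against an in-memory SQLite table instead of MySQL and $wpdb; the sample rows and the helper names make_db and order_matches are constructed for illustration.

```python
import sqlite3

# Constructed sample data: one order (post_id 1001) stored the way
# wp_postmeta stores it, one row per meta_key/meta_value pair.
ROWS = [
    (1001, "_billing_first_name", "Anna"),
    (1001, "_billing_postcode", "00100"),
    (1001, "_billing_city", "Helsinki"),
]

# Same shape as the query in the question: the two IN lists are tested
# against each row on its own, so a single matching row is enough.
FLAWED = """
SELECT post_id FROM wp_postmeta
WHERE post_id = ?
  AND meta_key IN ('_billing_first_name', '_billing_postcode')
  AND meta_value IN (?, ?)
GROUP BY post_id
"""

# Each key is paired with its own value, and HAVING requires that both
# pairs were found before the order counts as verified.
STRICT = """
SELECT post_id FROM wp_postmeta
WHERE post_id = ?
  AND ((meta_key = '_billing_first_name' AND meta_value = ?)
    OR (meta_key = '_billing_postcode'   AND meta_value = ?))
GROUP BY post_id
HAVING COUNT(DISTINCT meta_key) = 2
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    db.executemany("INSERT INTO wp_postmeta VALUES (?, ?, ?)", ROWS)
    return db

def order_matches(db, sql, order_id, first_name, postcode):
    # All values are bound as parameters; the postcode is bound as text
    # so a leading zero is not lost.
    return db.execute(sql, (order_id, first_name, postcode)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for label, sql in (("flawed", FLAWED), ("strict", STRICT)):
        print(label,
              order_matches(db, sql, 1001, "Anna", "00100"),
              order_matches(db, sql, 1001, "Anna", "99999"))
```

The strict form also rejects swapped input (first name sent as the postal number and vice versa), which the original query shape accepts.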
