The following directives can be used in the query format string:
%d (integer)
%f (float)
%s (string)
%% (literal percentage sign - no argument needed)
All of %d, %f, and %s are to be left unquoted in the query string and they need an argument passed for them.
Literals (%) as parts of the query must be properly written as %%.
This function only supports a small subset of the sprintf syntax; it only supports %d (integer), %f (float), and %s (string).
Does not support sign, padding, alignment, width or precision specifiers.
Does not support argument numbering/swapping.
May be called like sprintf() (http://php.net/sprintf) or like vsprintf() (http://php.net/vsprintf).
Both %d and %s should be left unquoted in the query string.
$wpdb->prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d", 'foo', 1337 );
$wpdb->prepare( "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s", 'foo' );
public prepare ( string $query, array|mixed $args ) : null|false|string
$query | string | Query statement with sprintf()-like placeholders
$args | array|mixed | The array of variables to substitute into the query's placeholders if being called like vsprintf() (http://php.net/vsprintf), or the first variable to substitute into the query's placeholders if being called like sprintf() (http://php.net/sprintf).
return | null|false|string | Sanitized query string, null if there is no query, false if there is an error and string if there was something to prepare
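
The rules above in use, as an added example that is not part of the original documentation or of WordPress itself: a concatenated query beside its prepare() form, covering both the sprintf()-style and vsprintf()-style calls, the %% literal, and the return-value check. It assumes the code runs inside WordPress, where the global $wpdb object and the posts table exist; the example_* function names are hypothetical.

```php
<?php
// Added example; assumes it runs inside WordPress (e.g. a plugin file),
// where the global $wpdb object exists. Function names are hypothetical.

// Before: request data concatenated into the SQL text (injectable).
function example_posts_by_author_unsafe( $author_id, $status ) {
    global $wpdb;
    return $wpdb->get_results(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE post_author = $author_id AND post_status = '$status'"
    );
}

// After: sprintf()-style call. %d and %s stay unquoted; prepare() casts
// the integer and escapes and quotes the string itself. The literal % of
// DATE_FORMAT is written %%.
function example_posts_by_author( $author_id, $status ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID, post_title, DATE_FORMAT(post_date, '%%Y-%%m') AS month
         FROM {$wpdb->posts}
         WHERE post_author = %d AND post_status = %s",
        $author_id,
        $status
    );
    // prepare() can return null or false instead of a query string.
    return is_string( $sql ) ? $wpdb->get_results( $sql ) : array();
}

// vsprintf()-style call: one %d per ID, all values passed as one array.
function example_posts_by_ids( array $ids, $status ) {
    global $wpdb;
    if ( empty( $ids ) ) {
        return array(); // "IN ()" is not valid SQL
    }
    $placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
    $args         = array_merge( array_values( $ids ), array( $status ) );
    $sql          = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts}
         WHERE ID IN ($placeholders) AND post_status = %s",
        $args
    );
    return is_string( $sql ) ? $wpdb->get_results( $sql ) : array();
}
```

Only the placeholder list is interpolated into the query text in the last function, and it is built from a fixed '%d' string, never from the ID values.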