Results are empty with $wpdb->prepare statement

I am working in WordPress and my $wpdb select query works without prepare, but when I use the proper escaping and use $wpdb->prepare, the results never show up. Results show when I don’t use %s and prepare. What is it that I am missing? Thanks. No error shows up in the inspect screen with prepare, and the results also don’t show. Please guide me on what approach to use to protect against SQL injection then.

This works

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = '$category' && 1user.competition = '$comp' ORDER BY 1user.uid DESC";

This does not work

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = %s && 1user.competition = %s ORDER BY 1user.uid DESC";


$results = $wpdb->get_results($wpdb->prepare($sql),$category,$comp) or die(mysql_error());


Source: wpdb
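
In the failing call above, $category and $comp are passed to get_results() rather than to prepare(), so the two %s placeholders are never filled. A corrected form follows as an added example that is not part of the original post; it assumes it runs inside WordPress, where the global $wpdb object exists, and the function name get_competition_entries and the sample values in the call are hypothetical.

```php
<?php
/**
 * Added example: hypothetical helper, meant to run inside WordPress
 * (for instance from a plugin), where the global $wpdb object exists.
 */
function get_competition_entries( $category, $comp ) {
    global $wpdb;

    // Same query as in the question. Each %s is left unquoted:
    // prepare() adds the quotes and escapes the value itself.
    $sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path,
                   1user.category, Sum(votes.votes) AS votessum, describebaby, current
            FROM 1user
            LEFT JOIN votes ON 1user.uid = votes.uid
            GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category
            HAVING 1user.category = %s && 1user.competition = %s
            ORDER BY 1user.uid DESC";

    // The values are arguments of prepare(), in placeholder order.
    // The second parameter of get_results() is the output type,
    // so values passed there are never bound to the query.
    $query = $wpdb->prepare( $sql, $category, $comp );

    $results = $wpdb->get_results( $query );

    // get_results() returns an empty array when no rows match, so
    // "or die()" would also fire on a legitimate empty result.
    // wpdb records database errors in $wpdb->last_error;
    // mysql_error() was removed in PHP 7.
    if ( '' !== $wpdb->last_error ) {
        error_log( 'Entry query failed: ' . $wpdb->last_error );
        return array();
    }

    return $results;
}

// Constructed sample values; in real use these come from the request
// and are passed through as-is, since prepare() handles the quoting.
$entries = get_competition_entries( 'toddler', 'spring-2024' );
```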
