Warning: preg_replace(): Compilation failed: invalid range in character class at offset 4 in /home/customer/www/wpdb.boilingpotmedia.com/public_html/wp-content/plugins/crayon-syntax-highlighter/crayon_langs.class.php on line 340
Warnings Archives - WordPress $wpdb

WordPress $wpdb

WordPress $wpdb example scripts and the global $wpdb teeshirt

WordPress $wpdb Warning – Missing argument 2 for wpdb::prepare()

By Leave a Comment

If you are seeing this error, then you are probably using {php}wpdb::prepare(){/php} like this:

[php]$wpdb->prepare( “SELECT * FROM table WHERE id = $id” );[/php]

You can not safely pass a PHP variable (in the example, {php}$id{/php}) directly into {php}wpdb::prepare(){/php} or your code will be vulnerable to SQL injection attacks. WordPress knows that if there is just one argument within the parentheses, that the argument contains a variable. In the example above, the argument is everything within the double quotes.

To solve the problem, update your syntax to use more than one argument, and move the variable outside of the existing argument:

[php]$wpdb->prepare( “SELECT * FROM table WHERE %d”, $id );[/php]

If you have more than one variable, ensure that both are their own argument:

[php]
$id = 1432;
$key = Jim;
$wpdb->prepare( “SELECT * FROM table WHERE %d AND key = %s”, $id, $key);
[/php]

Learn more about this error here.