How to escape percentage sign(%) in sql query with $wpdb->prepare?

This is an incorrect use of prepare, that function is used to safely insert variables into queries. However the code in your question does this beforehand, bypassing the security function.

E.g.

What you did:

$unsafesql = "INSERT $dangerousvariable";
$still_unsafe_sql = $wpdb->prepare( $sql, '' );

What it should be:

$safe_sql = $wpdb->prepare( "INSERT %s", $dangerousvariable );

Related Posts:

  1. Using wpdb to connect to a separate database
  2. How to fetch Data in WordPress using MySQLi or $wpdb
  3. wpdb->insert multiple record at once
  4. How to define composite keys with dbDelta()
  5. Inserting Post Meta From SQL
  6. Why does dbDelta() not catch MysqlErrors?
  7. What causes the “max_user_connections” warning on WordPress frontend?
  8. How to execute mulitple statement SQL queries using $wpdb->query?
  9. Database slowdown after update to 3.4.1
  10. wpdb_prepare with multiple or condition
  11. WordPress database error – Error in SQL syntax – I can’t identify any error?
  12. Advanced SELECT query with condtional statements
  13. Redirecting to old domain after migration website
  14. Create table from array with prepare
  15. WordPress running SQL query to update database from form
  16. Have working sql query… trying to adjust it to use $wpdb
  17. Custom WordPress Table wpdb
  18. Best practice to limit results in get_row()?
  19. Trouble running $wpdb->query() with last_insert_id
  20. Query Column of Specific ID from Database Table
  21. How to create more than one new wpdb object?
  22. How to connect and insert data in database of wordpress?
  23. “BS_” rows in postmeta table
  24. Where is the HTML-handler part in the wpdb class?
  25. WordPress Database Query works in phpMyAdmin but not in the code
  26. insert data from a form:: Warning Empty query mysqli::query()
  27. How can I get $wpdb to show MySQL warnings?
  28. How To connect to the same WordPress database with different database user
  29. using same mysql user with many databases
  30. Uploading to WordPress Database
  31. Rename a table in MySQL
  32. How should I tackle –secure-file-priv in MySQL?
  33. Can’t connect to MySQL server on ‘127.0.0.1’ (10061) (2003)
  34. Checking if Database Table exists
  35. Connect to database using wordpress wp-config file
  36. How To Export/Import WordPress (MySQL) Database Properly Via Command-Line?
  37. Does wpdb add considerable overhead on queries with large result sets?
  38. Is it possible to define two databases for one installation?
  39. Hook into $wpdb
  40. Display data from a non wordpress database on a page template
  41. Connecting to external oracle database
  42. Huge wp_options table
  43. “MySQL server has gone away” since update to 3.8
  44. Can’t save ajax value to database
  45. Updating all rows of table with $wpdb
  46. Is $wpdb->prepare escaping to much? How to use it properly?
  47. Can I transfer a mysql database to another site?
  48. MySQL Syntax Error upon restoring database from backup [closed]
  49. Help running a MySQL query to update all wp_#_options tables in a Multisite install
  50. Remove database entries where post_date > expiration date
  51. Is it safe to convert tables from MyISAM to InnoDB?
  52. Emojis getting converted to “?”
  53. How to use a different database to list and manage comments in the backend
  54. How do I properly update the WordPress database password?
  55. $wpdb->insert is not working
  56. WordPress Install and Database on separate hosting?
  57. wpdb custom post_type problem
  58. In what part of the WordPress core does the users table and usermeta table get joined?
  59. WordPress and MySQL: how to transfer Meta_key and Meta_Value from one post_id to another
  60. Using GROUP CONCAT in my-sql query with wp_usermeta table
  61. Help With MySQL to WPDB Query Conversion
  62. Migrating from PDO using SQLite to clean new install using MySQL
  63. $wpdb->insert Giving duplicates
  64. Duplicated site isn’t recognized as a site
  65. after wordpress update to 3.5+ i get many errors in plugin wpdb::prepare()
  66. Error establishing a database connection,
  67. Changing root password in PHPMyAdmin for WordPress Database when going live
  68. How to properly check if a table exists in WordPress Database using Show Tables Query
  69. Can’t update WordFence Options, clear data manually
  70. How to fetch records from database WordPress
  71. How and where is wordpress adding mySQL content to database?
  72. Best practice to import user base (subscribers) from one website to another?
  73. AJAX wp-mysql running too slow
  74. Connecting to a different database
  75. How to delete a particular row in a database table
  76. Files on Localhost, Database on Server
  77. Should I use an additional column in the DB?
  78. Remote database -> massive response time increase?
  79. Getting value from database table depending on field value
  80. Getting “Error Establishing a Database Connection” on localhost in new Mac OSX Lion environment
  81. wpdb->insert not inserting first variable
  82. How do I have a user upload a blog post and then retrieve that to display in a card on the site?
  83. How do I get database rows from a custom table using wpdb?
  84. How to edit custom table data in frontend
  85. local wordpress broke after changing URL
  86. Exporting Post ID, Post Title, Primary Category and Primary Category ID
  87. Help posting values to DB on submit using $wpdb->query
  88. How to create index (sql) to a meta_key?
  89. 2 $wpdb queries causing error Table ‘wp_postmeta’ is specified twice, both as a target for ‘UPDATE’
  90. WPCLI search and replace in a particlar site dir effect another site-dir
  91. Accessing content from third party as native posts in WordPress
  92. Hang Up Followed By Can’t select database
  93. Can’t Install WordPress (local) Failed to open file wp-includes/wp-db.php
  94. Why is converting my database to UTF-8 truncating entries?
  95. Pulling values from a sepcific row in table
  96. Inserting into data into external DB using WPDB
  97. Insert Extra fields added in the front end registration form to DB
  98. export individual posts to text files or a single csv file
  99. $wpdb->insert not working for last select option
  100. Putting form result in my database
error code: 523