You should try to replace the meta_value = $list->ID part with the placeholder meta_value = %d. Then use the following:
$subscriber_count = $wpdb->get_var( $wpdb->prepare( $q, $list->ID ) );
where the input argument $list->ID will be treated as an integer (signed).
From the Codex:
The query parameter for prepare accepts sprintf()-like placeholders. The %s (string), %d (integer) and %f (float) formats are supported. (The %s and %d placeholders have been available since the function was added to core in Version 2.3, %f has only been available since Version 3.3.) Any other % characters may cause parsing errors unless they are escaped. All % characters inside SQL string literals, including LIKE wildcards, must be double-% escaped as %%. All of %d, %f, and %s are to be left unquoted in the query string. Note that the %d placeholder only accepts integers, so you can’t pass numbers that have comma values via %d. If you need comma values, use %f as float instead.
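
The placeholder rules quoted above, as an added example that is not part of the original answer or of WordPress itself. It assumes it runs inside WordPress (a plugin or theme) where $wpdb is available; the function names and the example_list_id meta key are hypothetical.

```php
<?php
// Added example. Assumes a WordPress context where the global $wpdb exists.
// Function names and the 'example_list_id' meta key are hypothetical.

function example_count_list_subscribers( $list_id ) {
    global $wpdb;

    // Unsafe form: the value is interpolated straight into the SQL text.
    // $q = "SELECT COUNT(*) FROM {$wpdb->postmeta}
    //       WHERE meta_key = 'example_list_id' AND meta_value = $list_id";

    // Placeholders are left unquoted in the query string. prepare() quotes
    // and escapes the %s argument and formats the %d argument as an integer.
    $q = "SELECT COUNT(*) FROM {$wpdb->postmeta}
          WHERE meta_key = %s AND meta_value = %d";

    return (int) $wpdb->get_var(
        $wpdb->prepare( $q, 'example_list_id', $list_id )
    );
}

function example_count_meta_matching( $search ) {
    global $wpdb;

    // User-supplied text used with LIKE: escape its own % and _ characters
    // with esc_like(), add the wildcards in PHP, then bind the whole
    // pattern through a single %s placeholder.
    $pattern = '%' . $wpdb->esc_like( $search ) . '%';

    // A literal % written inside the SQL string itself must be doubled (%%),
    // otherwise prepare() tries to parse it as a placeholder.
    $q = "SELECT COUNT(*) FROM {$wpdb->postmeta}
          WHERE meta_key LIKE 'example%%' AND meta_value LIKE %s";

    return (int) $wpdb->get_var( $wpdb->prepare( $q, $pattern ) );
}
```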