Passing in MySQL prepare statement parameter separately throwing error

$query = ("SELECT * FROM <tablename> WHERE user_id = {$user_ID}"); // string variable
$stmt = $wpdb->prepare($query);

Say your $user_ID is 9, this will get evaluated to:

$query = ("SELECT * FROM <tablename> WHERE user_id = 9");
$stmt = $wpdb->prepare($query);

and finally becomes

$stmt = $wpdb->prepare("SELECT * FROM <tablename> WHERE user_id = 9");

Now it is complaining that there is no placeholder (like %d was), which is correct. You’re not using prepared statements anymore, which is bad. Because if $user_ID was '' OR 1=1 the statement becomes

$stmt = $wpdb->prepare("SELECT * FROM <tablename> WHERE user_id = '' OR 1=1");

and suddenly you’ve made yourself open to all kinds of SQL injections.

If you want to group your query and variables together more, I suggest using something like:

$query = [
    'sql' => 'SELECT * FROM <tablename> WHERE user_id = %d',
    'args' => [
        $user_Id,
    ],
];
$stmt = $wpdb->prepare($query['sql'], $query['args']);

Or use anything else. But do not remove the %d from the SQL query, otherwise you lose all benefits of prepare()!

Related Posts:

  1. Why is variable not working on custom sql query using wpdb?
  2. How to return number of found rows from SELECT query
  3. Can i use php sql functions instead of $wpdb?
  4. $wpdb->delete column values IN ARRAY()?
  5. Custom query to get post names beginning with a digit
  6. Show only one post for each author ( Page loads too slow )
  7. Modern Tribe Calendar wp-query with meta query not working at all
  8. if statement on database query
  9. WordPress get pagination on wpdb get_results
  10. Looking for most performant way to execute several similar WP queries within shortcodes
  11. Ajax $wpdb not returning table data
  12. Converting MYSQL to WordPress $WPDB
  13. Show MySQL errors that occur when I excute $wpdb->insert()
  14. How to securely provide a $_POST var in WP_Query with PHP 7?
  15. Can’t get wp_insert_post to work
  16. Create WP_Query to search for posts by their categories or their parent/child categories
  17. WSoD being caused by this piece of code
  18. I want to select the from values from database in WordPress? [closed]
  19. WP_Query adds “(wp_posts.ID = ‘0’)” so no results are returned
  20. Update results, Before deleting the related category [closed]
  21. get_posts() and WP_query limits ‘AND’ conditions to a maximum of 6 for meta value queries in WordPress
  22. wp query foreach deleting record returning only first or last item
  23. inserting a post from an extern php file but post content doesn’t show on wp site
  24. Database query works fine outside WordPress
  25. Using $wpdb (WPDB class) ‘replace’ with multiple WHERE criteria problem
  26. $wpdb->insert() does not Insert record in a table
  27. Help with a $wpdb MySQL Query
  28. Fatal error: Call to a member function query() on a non-object
  29. Custom array from a query only write the last row of the query
  30. How to retrieve the data from the sever and displaying it in a page?
  31. $wpdb returns duplicate posts
  32. Mixing variables into an array when inserting values
  33. Use $wpdb or other PHP script method to find/replace in WP database
  34. How can I add a new row in a separate database when someone registers via WordPress?
  35. Basic wpdb update question
  36. Hide posts if user is added to it WP_query
  37. I can’t update my data through $wpdb
  38. Custom route and query
  39. Output: “Array”
  40. How to use mysql LIKE with wpdb?
  41. How to insert wp_users ->user login name to wp_terms when a new user registering?
  42. WordPress WP_Query without query GET parameters
  43. How do I prepare strings for insertions as values into a MySQL table?
  44. How to use AJAX in WordPress in MYSQL query?
  45. form $_post action value gets truncated after it passes through two forms
  46. Why won’t this wpdb get_results query return results?
  47. WPDB secure custom form
  48. Add row to custom database Table and delete all rows older than 1 day
  49. select a single val though a table in wordpress
  50. WordPress SQL JOIN query
  51. populate select options from extra mysql table data
  52. Query the links Database
  53. MySQL Query Returns Array () In Shortcode
  54. How to WP_Query posts order by parent title?
  55. Isn’t Returning Value While Using SELECT COUNT(*) FROM {$wpdb->prefix}
  56. Convert a column of a table containing an Array as response in HTML
  57. Database SQL query error
  58. MYSQL TIMESTAMP when adding DATE_FORMAT then the output is blank, PHP conflict?
  59. Usermeta data unserialize, extract and display in table in WordPress
  60. Conditional formatting on data fetched from MYSQL
  61. how to get data from two different table from wordpress database
  62. What is the correct way to search 3 custom fields only in WordPress?
  63. Using wpdb to connect to a different database is not working
  64. Modify post image in full size
  65. Query doesn’t display text data with apostrophes
  66. Rewrite SQL query as a prepared statement and use in foreach loop
  67. How to return count of items found in SQL query
  68. Advanced WordPress SQL Query
  69. SQL Query Search page
  70. How can I display a query in a page?
  71. MySQL query in WordPress with AJAX
  72. Passed variable gets undefined variable error on insert on next page
  73. MySQL queries in WordPress
  74. Using the same shortcode to show any table from the database
  75. MySQL database migration to WordPress
  76. Custom query_posts() parameter
  77. Changing regular db connection to $wpdb
  78. Execute multiple PHP Snippets causes error?
  79. Error resetting database index using ALTER TABLE in $wpdb->query
  80. Putting form result in my database
  81. How can I update a value of a field depending on outside source?
  82. No wp-config.php file on local install of wordpress – site still displays
  83. Use ajax to update_post_meta
  84. Get taxonomy terms only of the WP_Query current posts
  85. How to display data from custom table in wordpress phpmyadmin
  86. Replacing mysql_escape_string in a custom plugin when moving to PHP7
  87. wpdb prepare insert table doesn’t work
  88. How to display SQL query that ran in WC_Order_Query?
  89. Store metakey value as an array
  90. Delete database record using plugin from admin panel
  91. Post not populating for custom post type based on category selection
  92. Infinite Loop – WP_Query
  93. Why my query does not run with prepare
  94. WP_Query and help with the loop for magazine front page
  95. WordPress mysql deos not work with php7
  96. append data to mysql table via submit button coded in php – not working
  97. Add two or multiple functions in WordPress Post or Page
  98. direct query to post_meta table
  99. How to set max users to 17.000
  100. List sibling pages widget, exclude current page