what are the numbers between curly brackets in search query

Those are placeholders for % signs. If you’re sending % in the value to be compared against yourself, you’ll notice it transforming '%test%' into wp_posts.post_title LIKE '{30d0e4b86a2a793010a75740f60810aff6b57f6d18edc10be7ca6dc158e40c06}\{30d0e4b86a2a793010a75740f60810aff6b57f6d18edc10be7ca6dc158e40c06}11{30d0e4b86a2a793010a75740f60810aff6b57f6d18edc10be7ca6dc158e40c06}\{30d0e4b86a2a793010a75740f60810aff6b57f6d18edc10be7ca6dc158e40c06}' when you look at $query->request.

The Query at the database side will have %. I haven’t looked into why exactly and where it is done, but I’ve noticed that too recently. I believe it wasn’t that way a few versions ago, so it might be a recent update.

Edit: I’ve looked into it some more. It was added in 4.8.3 and comes from wpdb:

/**
 * Adds a placeholder escape string, to escape anything that resembles a printf() placeholder.
 *
 * @since 4.8.3
 *
 * @param string $query The query to escape.
 * @return string The query with the placeholder escape string inserted where necessary.
 */
public function add_placeholder_escape( $query ) {
    /*
     * To prevent returning anything that even vaguely resembles a placeholder,
     * we clobber every % we can find.
     */
    return str_replace( '%', $this->placeholder_escape(), $query );
}

/**
 * Removes the placeholder escape strings from a query.
 *
 * @since 4.8.3
 *
 * @param string $query The query from which the placeholder will be removed.
 * @return string The query with the placeholder removed.
 */
public function remove_placeholder_escape( $query ) {
    return str_replace( $this->placeholder_escape(), '%', $query );
}

The relevant Trac ticket was #41925, and it was introduced to make sure that the SQL didn’t contain anything that could be misunderstood as a placeholder by sprintf, while bringing “back” numbered placeholders (which were never officially supported but worked; they had been removed because of security issues).
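To make the round trip concrete, here is a simplified Python model of the escape scheme the answer above describes. It is an added example, not WordPress's own code: the random `{sha256}` token mirrors wpdb::placeholder_escape(), while `esc_sql`, `prepare` and `run_query` are toy stand-ins for the real wpdb methods and assume only `%s`, `%d` and `%f` specifiers.

```python
import hashlib
import re
import secrets

# Assumption: like wpdb::placeholder_escape(), the token is a random hash in braces,
# so it cannot collide with anything a caller would legitimately put in SQL.
PLACEHOLDER = "{" + hashlib.sha256(secrets.token_bytes(16)).hexdigest() + "}"

# Toy specifier set for prepare(); real wpdb accepts a few more forms.
_SPEC = re.compile(r"%(s|d|f)")


def add_placeholder_escape(query: str) -> str:
    """Clobber every literal % so a later sprintf-style pass cannot see a placeholder."""
    return query.replace("%", PLACEHOLDER)


def remove_placeholder_escape(query: str) -> str:
    """Restore literal % right before the SQL goes to the database (wpdb::query)."""
    return query.replace(PLACEHOLDER, "%")


def esc_sql(value: str) -> str:
    """Toy escaping: constructed stand-in, only backslashes and single quotes handled."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def prepare(query: str, *args, clobber: bool = True) -> str:
    """Toy $wpdb->prepare(): fill %s/%d/%f from args, then hide any % left in the result.

    clobber=False models the pre-4.8.3 behaviour, where a value containing %s
    survived as a live placeholder for any later prepare() pass."""
    values = iter(args)

    def fill(match):
        try:
            value = next(values)
        except StopIteration:
            raise ValueError("too few arguments for the placeholders") from None
        spec = match.group(1)
        if spec == "d":
            return str(int(value))
        if spec == "f":
            return repr(float(value))
        return "'" + esc_sql(str(value)) + "'"

    filled = _SPEC.sub(fill, query)
    return add_placeholder_escape(filled) if clobber else filled


def run_query(prepared: str) -> str:
    """What the database actually receives: the token is swapped back to %."""
    return remove_placeholder_escape(prepared)
```

The `$query->request` string from the question is the output of `prepare` here; `run_query` is the step that turns it back into the `LIKE '%test%'` the database sees.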
