You should definitely be using prepare in this case, as your query is accepting input. It would be quite trivial for someone to compromise your database otherwise. Here we also use the new-in-4.0 esc_like method:
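```php
// Escape LIKE wildcards (% and _) in the user input, then add our own wildcards.
$like = '%' . $mydb->esc_like( $facility_name ) . '%';

// prepare() substitutes %s with the safely quoted value.
$results = $mydb->get_results(
    $mydb->prepare(
        "SELECT facility_name FROM facility WHERE facility_name LIKE %s LIMIT 0, 10",
        $like
    )
);
```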
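Why both steps in the answer above matter, as an added example that is not part of the original answer: binding the value keeps quote characters from changing the query, while escaping the LIKE wildcards keeps `%` and `_` in the input literal. It is stand-alone PHP using PDO with in-memory SQLite instead of wpdb and MySQL; `like_escape()` and `search()` are hypothetical helpers, and the table rows are constructed sample data.

```php
<?php
// Hypothetical helper mirroring the idea behind $wpdb->esc_like():
// backslash-escape %, _ and the backslash itself.
function like_escape(string $text): string {
    return addcslashes($text, '_%\\');
}

// Run the LIKE search with the pattern passed as a bound parameter.
function search(PDO $pdo, string $pattern): array {
    // SQLite has no default LIKE escape character, so it is named explicitly;
    // MySQL uses backslash by default.
    $stmt = $pdo->prepare(
        "SELECT facility_name FROM facility
         WHERE facility_name LIKE ? ESCAPE '\\'
         ORDER BY facility_name LIMIT 10"
    );
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE facility (facility_name TEXT)');
$insert = $pdo->prepare('INSERT INTO facility (facility_name) VALUES (?)');
foreach (['North Clinic', 'South Clinic', '100% Care', 'A_B Lab', 'AXB Lab'] as $name) {
    $insert->execute([$name]);
}

// Inputs: a bare wildcard, an underscore, and a quote-laden string.
foreach (['%', 'A_B', "' OR '1'='1"] as $input) {
    $boundOnly = search($pdo, '%' . $input . '%');
    $escaped   = search($pdo, '%' . like_escape($input) . '%');
    printf(
        "input %s\n  bound only:      %s\n  escaped + bound: %s\n",
        json_encode($input),
        json_encode($boundOnly),
        json_encode($escaped)
    );
}
```

The quote-laden input matches nothing in either column because it is bound as data; the `%` and `A_B` inputs match extra rows until the wildcards are escaped.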