You should definitely be using `prepare` in this case, as your query is accepting input. It would be quite trivial for someone to compromise your database otherwise. Here we also use the new-in-4.0 `esc_like` method:
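```php
// Escape LIKE wildcards (% and _) in the user input, then add our own wildcards.
$like = '%' . $mydb->esc_like( $facility_name ) . '%';

// prepare() quotes and escapes the value bound to the %s placeholder.
$results = $mydb->get_results(
    $mydb->prepare(
        "SELECT facility_name FROM facility WHERE facility_name LIKE %s LIMIT 0, 10",
        $like
    )
);
```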
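The two layers do different jobs, which the following added example shows (it is not part of the original answer). It assumes PDO with an in-memory SQLite database as a stand-in for `$wpdb` and MySQL, a hypothetical `like_escape()` helper that applies the same escaping as `esc_like`, and constructed table rows; SQLite needs the explicit `ESCAPE` clause, whereas MySQL treats backslash as the LIKE escape character by default.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for $wpdb + MySQL (assumption).

// Hypothetical helper mirroring wpdb::esc_like(): backslash-escape %, _ and \.
function like_escape(string $text): string {
    return addcslashes($text, '_%\\');
}

// Bound parameter only: quotes are handled safely, but % and _ typed by the
// user still act as LIKE wildcards.
function search_unescaped(PDO $db, string $term): array {
    $stmt = $db->prepare(
        "SELECT facility_name FROM facility
         WHERE facility_name LIKE ? ORDER BY facility_name LIMIT 10"
    );
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter plus LIKE escaping: the user's text is matched literally.
function search_escaped(PDO $db, string $term): array {
    $stmt = $db->prepare(
        "SELECT facility_name FROM facility
         WHERE facility_name LIKE ? ESCAPE '\\' ORDER BY facility_name LIMIT 10"
    );
    $stmt->execute(['%' . like_escape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE facility (facility_name TEXT)');

// Constructed sample rows.
$insert = $db->prepare('INSERT INTO facility (facility_name) VALUES (?)');
$rows = ['North Clinic', "St. Mary's Hospital", '50% Off Pharmacy', 'Lab_A', 'LabXA'];
foreach ($rows as $name) {
    $insert->execute([$name]);
}

// Compare both searches on input containing a quote and LIKE metacharacters.
foreach (["Mary's", '%', 'Lab_A'] as $term) {
    printf(
        "%-8s unescaped=%s escaped=%s\n",
        $term,
        json_encode(search_unescaped($db, $term)),
        json_encode(search_escaped($db, $term))
    );
}
```

The apostrophe in `Mary's` is handled by the bound parameter in both functions, while `%` and `Lab_A` only match literally once the LIKE escaping is applied.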