wpdb->get_row is selecting the variable as a column name

The error in question happened because you did not properly build your SQL query/statement:

  • The column name in your query is hashcode, and you are trying to get the row where the column value matches the value of the $file_hash variable, i.e. WHERE {$file_hash} = `hashcode`.

  • But because the value is a string/text (and not a number), then it needs to be wrapped in quotes like so: '$file_hash'.

  • And if you don’t do that, then the value would be seen as the column name instead of the supposedly column value.

So fixing the issue is basically easy — just wrap the variable with quotes like so:

SELECT *
FROM {$wpdb->prefix}vip_files 
WHERE '$file_hash' = `hashcode`

However, that query is highly prone to SQL injection attacks because the value of $file_hash is not escaped, so you need to escape it, and I would suggest you to use wpdb::prepare() like so:

$query = $wpdb->prepare( "SELECT *
    FROM {$wpdb->prefix}vip_files 
    WHERE %s = `hashcode`",
    $file_hash
);

$file = $wpdb->get_row( $query );

Also, remember that wpdb::prepare() requires at least two parameters: the SQL query with placeholders like %s; and the replacement values for the placeholders used in that SQL query, like so: $wpdb->prepare( "SELECT * FROM table_name WHERE some_column = %s", 'column value' ).

  • So this is actually incorrect: (this is what you used as you said in the comments)

    $wpdb->prepare("SELECT * FROM {$wpdb->prefix}vip_files WHERE '{$file_hash}' = `hashcode`")

    More specifically, yes, that code does work in that MySQL would not throw any error. But it will result in a PHP notice saying “wpdb::prepare was called incorrectly“. And what’s worse is, the above code will not actually going to escape the $file_hash variable!

  • And the correct code is this — I used the %s placeholder and the $file_hash is now the second parameter for $wpdb->prepare():

    $wpdb->prepare("SELECT * FROM {$wpdb->prefix}vip_files WHERE %s = `hashcode`", $file_hash)

So make sure to properly call wpdb::prepare() and note that escaping the variable value not only ensures the query to be safe from SQL injections, but escaping would also help us avoid syntax errors in SQL. I mean, when the variable value is something like 90's favorites (note the quote).

And I hope that helps, and do check out the full class reference for more details about the class and its methods/functions and properties. 🙂

Related Posts:

  1. How to use $wpdb to delete in a custom table
  2. get_results on large datasets
  3. Is there a (better) way to access $wpdb results?
  4. Using $wpdb generates DB error
  5. How do you use prepare when asking for a list of id’s
  6. how to execute different sql query in non-sanitized $wpdb->get_results function
  7. WPDB update row with != in where clause
  8. How to update records using $wpdb?
  9. Need help writing a $wpdb query
  10. show badge with count for pending items in custom post type
  11. WP Sql query multiple where clause
  12. WordPress SQL query – returning ‘true’ ‘false’ or ‘null’
  13. Modify the structure of data returned by $wpdb
  14. Syntax for $wpdb->prepare when searching in two columns
  15. Confused by $wpdb->prepare
  16. How to display user_nicename and usermeta values by custom query in WordPress?
  17. Optimizing WordPress Queries – Removing Group By ID
  18. How can I combine one field using wpdb and group by?
  19. $wpdb->prepare with ON DUPLICATE KEY UPDATE
  20. how to use $wpdb->prepare to update a custom table
  21. WPDB Placeholders and second argument for prepared statements
  22. Increment integer field in database when WHERE needs to be dynamic [closed]
  23. Custom SQL query ORDER BY term_order
  24. Custom $wpdb returns unexpected time based results
  25. How to left join meta in queries [closed]
  26. CREATE TABLE with dbDelta does not create table
  27. $wpdb query outputs php code instead of executing it
  28. wpdb query not working
  29. WordPress wpdb->insert returns int(0) => doesn’t insert anything, no errors!
  30. WPDB SQL Ignore `post_status` Parameter
  31. how to list all post that are in the custom taxonomy using $wpdb
  32. WPDB SQL query SELECT from category
  33. How to use WHERE NOT EXISTS query to avoid duplicate entry using $wpdb to save in custom table?
  34. Creating an Angular factory from custom database table
  35. wpdb->update update the entire table instead of one row
  36. How do I update post based on meta_key in another table?
  37. How to set up prepared query using IN statement
  38. Custom database query to validate data
  39. Alter the main search query to search posts by coauthor user name
  40. Creates only one table and not the other
  41. Protect custom form from SQL injection
  42. looking for a way to allow users to backup the plugin db data(save as)
  43. SQL Query to select post title & post ID from a particular category
  44. Get comments after specific date
  45. query using wpdb in wordpress gets me no result
  46. Get count of rows based if column exists in two different tables
  47. query_vars doesn’t return query string (trying to get data from $wpdb)
  48. How do I check for a duplicate record before inserting using wpdb
  49. passing variables as parameters to stored procedures via wpdb from php-script
  50. $wpdb->query() multiple query support
  51. $wpdb Query Result not coming but in phpmyadmin it works [closed]
  52. Join inside a wpdb query.. confused!
  53. How to fetch an array in $wpdb?
  54. How to query the WordPress database to get posts of a certain custom post type, taxonomy and field?
  55. Why doesn’t my insert query work?
  56. How to prevent $wpdb->prepare stripping a leading zero in variable value?
  57. Generate a unique hash/number for tracking on $wpdb insert
  58. wpdb->insert and stripslashes against sql injection
  59. SQL query for custom taxonomy slugs
  60. $wpdb select query by month, post type, and taxonomy term
  61. WPDB – How to search a column in a table
  62. wp_create_user not properly entering password
  63. $wpdb not being defined in function: Fatal error: Call to a member function query() on a non-object
  64. How to obtain a reference to $table_prefix in $wpdb object
  65. Trying to Connect to different database
  66. how to assign content to a different author while loading content
  67. How to pass orderby params to $wpdb->prepare()?
  68. Why does this WPDB code throw an empty WPDB error? [closed]
  69. wordpress $wpdb works only once
  70. get_results not returning anything
  71. WordPress core code contains things marked as deprecated by… WordPress?
  72. $wpdb – joining shows no result
  73. Compare transient data with a meta box value
  74. Sql formatting for post data within function
  75. Register custom table for WP to use in a plugin
  76. How to get INSERT errors from $wpdb?
  77. Display category names on edit user profile using $wpdb
  78. Need help converting get_user_meta [keys] into own array
  79. Can’t call WPDB inside RSS template
  80. wpdb and acf via wp rest api
  81. wpquery properties last_query and last_result : should these be public or private?
  82. check that the data exists before sending it to wpdb
  83. wpdb->insert with special chars failing with collation utf8mb4_unicode_520_ci
  84. no result returns when using $wpdb->get_results with where clause
  85. Customising the default wordpress search functionality
  86. update not working using wpdb
  87. get_posts() SQL Injection
  88. $wpdb select returns empty array
  89. Debugging db calls: $wpdb->insert works on test site, not on identical production site
  90. How to get specific table by current user login
  91. I can’t write in my DB using $wpdb->insert
  92. Include post_status check within $wpdb query
  93. wpdb get_row database query inquiry
  94. Depreciated Call -> Function wpdb::escape()
  95. Inserting and updating rows with wpdb indreases integer fields by 1 point sometimes
  96. Retrieve a list of users based on some conditions
  97. wp-postratings: list current user’s unrated posts
  98. esc_sql inserting weird chars to DB
  99. Error inserting row into table
  100. get only 1 wpdb and get taxonomy, post to next page [closed]