-
-
Save spencejs/5218840 to your computer and use it in GitHub Desktop.
How to use this function with my theme which uses PHP?
The code above is PHP. You can add it to your theme's functions.php
file.
After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the LIKE
statement with the string returned by
$wpdb->placeholder_escape()
And instead of using grouping, it should be enough to set DISTINCT
using the posts_distinct
.
Also, note that this will perform a search for the whole search query. If you want to match tags matching one word of the query, you'll have to split up the query by spaces, loop over the words and add the $where
part for each of the words.
After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the
LIKE
statement with the string returned by$wpdb->placeholder_escape()
@Connum Could you elaborate why you need to replace them? Isn't that what the changes in the update address? i.e. Don't they get replaced by placeholder escape strings before the query anyway?
After the WordPress 4.8.3 security update, you'll have to replace the percent characters in the
LIKE
statement with the string returned by$wpdb->placeholder_escape()
@Connum Could you elaborate why you need to replace them? Isn't that what the changes in the update address? i.e. Don't they get replaced by placeholder escape strings before the query anyway?
The updated WP code will escape any percentage signs in a query, so they are no longer seen as a wildcard in SQL, in order to prevent injections via user input in places where you don't want to have wildcards. In order to have a real percentage sign in a query written in your plugin or theme code, you'll have to make use of the mentioned method.
@Connum Thanks for the quick reply. I'm finding that even if I use your method, if I literally search just % signs like %
or %%%
, it will return strange posts that don't even exist, some with weird titles and excerpts with actual code in them. The same thing happens if I search with a blank input. Something like 100% will query fine though with your method or the original method.
I have it like this:
function custom_search_where($where){
global $wpdb;
$placeholder_string = $wpdb->placeholder_escape();
if (is_search()) {
$where .= "OR (t.name LIKE '".$placeholder_string.get_search_query().$placeholder_string."' AND {$wpdb->posts}.post_status = 'publish')";
}
return $where;
}
The codes works, BUT... I am using Divi theme and when I use this code, Divi shows its default header and footer on search results pages. Anyone got a workaround for this? Here is our dev site: https://ansicvpn.com/?s=renewal&post_type=courses. I've searched on Divi Help and even opened a thread but none seems to be working. Hoping to find a solution here. Help is much appreciated.
How to use this function with my theme which uses PHP?
Thanks