dpdyh86002 2015-05-22 04:08

$wpdb->prepare statement returns empty results

I am working in WordPress and my $wpdb select query works without prepare, but when I use the proper escaping and use $wpdb->prepare ... with prepare, results never show up, and results show when I don't use %s and prepare ... what is there that I am missing ... thanks. No error shows up in the inspect screen with prepare, and results also don't show. Please guide what approach to use to save from SQL injection then.

This works

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = '$category' && 1user.competition = '$comp' ORDER BY 1user.uid DESC";

This does not work

$sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category, Sum(votes.votes) AS votessum, describebaby, current FROM 1user LEFT JOIN votes on 1user.uid=votes.uid GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category HAVING 1user.category = %s && 1user.competition = %s ORDER BY 1user.uid DESC";


$results = $wpdb->get_results($wpdb->prepare($sql),$category,$comp) or die(mysql_error());

1 answer

  • dongxian2863 2015-05-22 04:12

    You added the parentheses in the wrong place; it needs to be after your variables.

    $results = $wpdb->get_results($wpdb->prepare($sql,$category,$comp)) or die($wpdb->print_error());
    
    This answer was selected by the asker as the best answer.

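The corrected call from the answer above, written out as an added example (not code from the question or the answer). It assumes it runs inside WordPress, where the global `$wpdb` and `WP_Error` exist; the function name `example_get_competition_entries` and the error codes are hypothetical, and the SQL is the asker's own.

```php
<?php
// Added example: assumes it runs inside WordPress, where the global $wpdb exists.
// Table and column names are those from the question; the function name is hypothetical.
function example_get_competition_entries( $category, $comp ) {
    global $wpdb;

    $sql = "SELECT 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category,
                   Sum(votes.votes) AS votessum, describebaby, current
            FROM 1user
            LEFT JOIN votes ON 1user.uid = votes.uid
            GROUP BY 1user.uid, 1user.username, 1user.competition, 1user.path, 1user.category
            HAVING 1user.category = %s && 1user.competition = %s
            ORDER BY 1user.uid DESC";

    // The values are arguments of prepare(), one per %s, in order.
    // get_results() takes the finished query; its second parameter is the
    // output type (OBJECT, ARRAY_A, ...), not a query value.
    $query = $wpdb->prepare( $sql, $category, $comp );
    if ( ! is_string( $query ) || '' === $query ) {
        return new WP_Error( 'prepare_failed', 'wpdb::prepare() did not return a query.' );
    }

    $rows = $wpdb->get_results( $query );

    // A query that matches no rows gives an empty result, which is falsy, so
    // "get_results(...) or die(...)" would also stop on a valid empty result.
    // Check last_error to tell a database error from "no rows".
    if ( '' !== $wpdb->last_error ) {
        return new WP_Error( 'db_error', $wpdb->last_error );
    }

    return $rows ? $rows : array();
}
```

Callers can test the return value with `is_wp_error()` and treat an empty array as "no entries" rather than as a failure.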