search

stellarwp / db

A WPDB wrapper and query builder library.
GNU General Public License v2.0
64 stars 4 forks source link

DB::delete() does not support comparison operators other than `=` and does so without warning #24

Open defunctl opened 2 weeks ago

defunctl commented 2 weeks ago

DB::delete() uses wpdb::delete() under the hood, which only supports the = comparison operator.

This can cause some seriously unexpected results, because the SQL is silently converted and doesn't warn the developer that they aren't executing their expected query.

Ideally, we would no longer use wpdb::delete() under the hood and instead build our own DELETE SQL. Temporary solutions could be some doc updates and finding a way to throw an exception if a developer tries to do this.

Delete query with comparison operator other than =:

DB::table( 'posts' )->where( 'ID', 100, '>' )->delete();

The expected SQL for the above query:

DELETE FROM wp_posts
WHERE `ID` > 100

The actual SQL for the above query:

DELETE FROM wp_posts
WHERE `ID` = 100
Rahmon commented 2 days ago

The same happens when trying to use whereIn.