WP_User_Query::prepare_query() │ public │ WP 3.1.0

Prepares the query variables.

Method of the class: WP_User_Query{}

Return

null. Nothing (null).

Usage

$WP_User_Query = new WP_User_Query();
$WP_User_Query->prepare_query( $query );

$query(string|array)

Array or string of query parameters.

Default: array()

• blog_id(int)
  The site ID.
  Default: current site

• role(string|string[])
  An array or a comma-separated list of role names that users must match to be included in results. Note that this is an inclusive list: users must match each role.
  Default: ''

• role__in(string[])
  An array of role names. Matched users must have at least one of these roles.
  Default: empty array

• role__not_in(string[])
  An array of role names to exclude. Users matching one or more of these roles will not be included in results.
  Default: empty array

• meta_key(string|string[])
  Meta key or keys to filter by.

• meta_value(string|string[])
  Meta value or values to filter by.

• meta_compare(string)
  MySQL operator used for comparing the meta value. See WP_Meta_Query::__construct() for accepted values and default value.

• meta_compare_key(string)
  MySQL operator used for comparing the meta key. See WP_Meta_Query::__construct() for accepted values and default value.

• meta_type(string)
  MySQL data type that the meta_value column will be CAST to for comparisons. See WP_Meta_Query::__construct() for accepted values and default value.

• meta_type_key(string)
  MySQL data type that the meta_key column will be CAST to for comparisons. See WP_Meta_Query::__construct() for accepted values and default value.

• meta_query(array)
  An associative array of WP_Meta_Query arguments. See WP_Meta_Query::__construct() for accepted values.

• capability(string|string[])
  An array or a comma-separated list of capability names that users must match to be included in results. Note that this is an inclusive list: users must match each capability. Does NOT work for capabilities not in the database or filtered via {@see 'map_meta_cap'}.
  Default: ''

• capability__in(string[])
  An array of capability names. Matched users must have at least one of these capabilities. Does NOT work for capabilities not in the database or filtered via {@see 'map_meta_cap'}.
  Default: empty array

• capability__not_in(string[])
  An array of capability names to exclude. Users matching one or more of these capabilities will not be included in results. Does NOT work for capabilities not in the database or filtered via {@see 'map_meta_cap'}.
  Default: empty array

• include(int[])
  An array of user IDs to include.
  Default: empty array

• exclude(int[])
  An array of user IDs to exclude.
  Default: empty array

• search(string)
  Search keyword. Searches for possible string matches on columns. When $search_columns is left empty, it tries to determine which column to search in based on search string.
  Default: ''

• search_columns(string[])
  Array of column names to be searched. Accepts 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name'.
  Default: empty array

• orderby(string|array)
  Field(s) to sort the retrieved users by. May be a single value, an array of values, or a multi-dimensional array with fields as keys and orders ('ASC' or 'DESC') as values. Accepted values are:

  • 'ID'
  • 'display_name' (or 'name')
  • 'include'
  • 'user_login' (or 'login')
  • 'login__in'
  • 'user_nicename' (or 'nicename')
  • 'nicename__in'
  • 'user_email' (or 'email')
  • 'user_url' (or 'url')
  • 'user_registered' (or 'registered')
  • 'post_count'
  • 'meta_value'
  • 'meta_value_num'
  • The value of $meta_key
  • An array key of $meta_query To use 'meta_value' or 'meta_value_num', $meta_key must be also be defined.
    Default: 'user_login'

• order(string)
  Designates ascending or descending order of users. Order values passed as part of an $orderby array take precedence over this parameter. Accepts 'ASC', 'DESC'.
  Default: 'ASC'

• offset(int)
  Number of users to offset in retrieved results. Can be used in conjunction with pagination.

• number(int)
  Number of users to limit the query for. Can be used in conjunction with pagination. Value -1 (all) is supported, but should be used with caution on larger sites.
  Default: -1 (all users)

• paged(int)
  When used with number, defines the page of results to return.
  Default: 1

• count_total(true|false)
  Whether to count the total number of users found. If pagination is not needed, setting this to false can improve performance.
  Default: true

• fields(string|string[])
  Which fields to return. Single or all fields (string), or array of fields. Accepts:

  • 'ID'
  • 'display_name'
  • 'user_login'
  • 'user_nicename'
  • 'user_email'
  • 'user_url'
  • 'user_registered'
  • 'user_pass'
  • 'user_activation_key'
  • 'user_status'
  • 'spam' (only available on multisite installs)
  • 'deleted' (only available on multisite installs)
  • 'all' for all fields and loads user meta.
  • 'all_with_meta' Deprecated. Use 'all'.
    Default: 'all'

• who(string)
  Deprecated, use $capability instead. Type of users to query. Accepts 'authors'.
  Default: empty (all users)

• has_published_posts(true|false|string[])
  Pass an array of post types to filter results to users who have published posts in those post types. true is an alias for all public post types.

• nicename(string)
  The user nicename.
  Default: ''

• nicename__in(string[])
  An array of nicenames to include. Users matching one of these nicenames will be included in results.
  Default: empty array

• nicename__not_in(string[])
  An array of nicenames to exclude. Users matching one of these nicenames will not be included in results.
  Default: empty array

• login(string)
  The user login.
  Default: ''

• login__in(string[])
  An array of logins to include. Users matching one of these logins will be included in results.
  Default: empty array

• login__not_in(string[])
  An array of logins to exclude. Users matching one of these logins will not be included in results.
  Default: empty array

• cache_results(true|false)
  Whether to cache user information.
  Default: true

Notes

• Global. wpdb. $wpdb WordPress database abstraction object.
• Global. WP_Roles. $wp_roles WordPress role management object.

Changelog

WP_User_Query::prepare_query() WP User Query::prepare query code ^{WP 6.8}

public function prepare_query( $query = array() ) {
	global $wpdb, $wp_roles;

	if ( empty( $this->query_vars ) || ! empty( $query ) ) {
		$this->query_limit = null;
		$this->query_vars  = $this->fill_query_vars( $query );
	}

	/**
	 * Fires before the WP_User_Query has been parsed.
	 *
	 * The passed WP_User_Query object contains the query variables,
	 * not yet passed into SQL.
	 *
	 * @since 4.0.0
	 *
	 * @param WP_User_Query $query Current instance of WP_User_Query (passed by reference).
	 */
	do_action_ref_array( 'pre_get_users', array( &$this ) );

	// Ensure that query vars are filled after 'pre_get_users'.
	$qv =& $this->query_vars;
	$qv = $this->fill_query_vars( $qv );

	$allowed_fields = array(
		'id',
		'user_login',
		'user_pass',
		'user_nicename',
		'user_email',
		'user_url',
		'user_registered',
		'user_activation_key',
		'user_status',
		'display_name',
	);
	if ( is_multisite() ) {
		$allowed_fields[] = 'spam';
		$allowed_fields[] = 'deleted';
	}

	if ( is_array( $qv['fields'] ) ) {
		$qv['fields'] = array_map( 'strtolower', $qv['fields'] );
		$qv['fields'] = array_intersect( array_unique( $qv['fields'] ), $allowed_fields );

		if ( empty( $qv['fields'] ) ) {
			$qv['fields'] = array( 'id' );
		}

		$this->query_fields = array();
		foreach ( $qv['fields'] as $field ) {
			$field                = 'id' === $field ? 'ID' : sanitize_key( $field );
			$this->query_fields[] = "$wpdb->users.$field";
		}
		$this->query_fields = implode( ',', $this->query_fields );
	} elseif ( 'all_with_meta' === $qv['fields'] || 'all' === $qv['fields'] || ! in_array( $qv['fields'], $allowed_fields, true ) ) {
		$this->query_fields = "$wpdb->users.ID";
	} else {
		$field              = 'id' === strtolower( $qv['fields'] ) ? 'ID' : sanitize_key( $qv['fields'] );
		$this->query_fields = "$wpdb->users.$field";
	}

	if ( isset( $qv['count_total'] ) && $qv['count_total'] ) {
		$this->query_fields = 'SQL_CALC_FOUND_ROWS ' . $this->query_fields;
	}

	$this->query_from  = "FROM $wpdb->users";
	$this->query_where = 'WHERE 1=1';

	// Parse and sanitize 'include', for use by 'orderby' as well as 'include' below.
	if ( ! empty( $qv['include'] ) ) {
		$include = wp_parse_id_list( $qv['include'] );
	} else {
		$include = false;
	}

	$blog_id = 0;
	if ( isset( $qv['blog_id'] ) ) {
		$blog_id = absint( $qv['blog_id'] );
	}

	if ( $qv['has_published_posts'] && $blog_id ) {
		if ( true === $qv['has_published_posts'] ) {
			$post_types = get_post_types( array( 'public' => true ) );
		} else {
			$post_types = (array) $qv['has_published_posts'];
		}

		foreach ( $post_types as &$post_type ) {
			$post_type = $wpdb->prepare( '%s', $post_type );
		}

		$posts_table        = $wpdb->get_blog_prefix( $blog_id ) . 'posts';
		$this->query_where .= " AND $wpdb->users.ID IN ( SELECT DISTINCT $posts_table.post_author FROM $posts_table WHERE $posts_table.post_status = 'publish' AND $posts_table.post_type IN ( " . implode( ', ', $post_types ) . ' ) )';
	}

	// nicename
	if ( '' !== $qv['nicename'] ) {
		$this->query_where .= $wpdb->prepare( ' AND user_nicename = %s', $qv['nicename'] );
	}

	if ( ! empty( $qv['nicename__in'] ) ) {
		$sanitized_nicename__in = array_map( 'esc_sql', $qv['nicename__in'] );
		$nicename__in           = implode( "','", $sanitized_nicename__in );
		$this->query_where     .= " AND user_nicename IN ( '$nicename__in' )";
	}

	if ( ! empty( $qv['nicename__not_in'] ) ) {
		$sanitized_nicename__not_in = array_map( 'esc_sql', $qv['nicename__not_in'] );
		$nicename__not_in           = implode( "','", $sanitized_nicename__not_in );
		$this->query_where         .= " AND user_nicename NOT IN ( '$nicename__not_in' )";
	}

	// login
	if ( '' !== $qv['login'] ) {
		$this->query_where .= $wpdb->prepare( ' AND user_login = %s', $qv['login'] );
	}

	if ( ! empty( $qv['login__in'] ) ) {
		$sanitized_login__in = array_map( 'esc_sql', $qv['login__in'] );
		$login__in           = implode( "','", $sanitized_login__in );
		$this->query_where  .= " AND user_login IN ( '$login__in' )";
	}

	if ( ! empty( $qv['login__not_in'] ) ) {
		$sanitized_login__not_in = array_map( 'esc_sql', $qv['login__not_in'] );
		$login__not_in           = implode( "','", $sanitized_login__not_in );
		$this->query_where      .= " AND user_login NOT IN ( '$login__not_in' )";
	}

	// Meta query.
	$this->meta_query = new WP_Meta_Query();
	$this->meta_query->parse_query_vars( $qv );

	if ( isset( $qv['who'] ) && 'authors' === $qv['who'] && $blog_id ) {
		_deprecated_argument(
			'WP_User_Query',
			'5.9.0',
			sprintf(
				/* translators: 1: who, 2: capability */
				__( '%1$s is deprecated. Use %2$s instead.' ),
				'<code>who</code>',
				'<code>capability</code>'
			)
		);

		$who_query = array(
			'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'user_level',
			'value'   => 0,
			'compare' => '!=',
		);

		// Prevent extra meta query.
		$qv['blog_id'] = 0;
		$blog_id       = 0;

		if ( empty( $this->meta_query->queries ) ) {
			$this->meta_query->queries = array( $who_query );
		} else {
			// Append the cap query to the original queries and reparse the query.
			$this->meta_query->queries = array(
				'relation' => 'AND',
				array( $this->meta_query->queries, $who_query ),
			);
		}

		$this->meta_query->parse_query_vars( $this->meta_query->queries );
	}

	// Roles.
	$roles = array();
	if ( isset( $qv['role'] ) ) {
		if ( is_array( $qv['role'] ) ) {
			$roles = $qv['role'];
		} elseif ( is_string( $qv['role'] ) && ! empty( $qv['role'] ) ) {
			$roles = array_map( 'trim', explode( ',', $qv['role'] ) );
		}
	}

	$role__in = array();
	if ( isset( $qv['role__in'] ) ) {
		$role__in = (array) $qv['role__in'];
	}

	$role__not_in = array();
	if ( isset( $qv['role__not_in'] ) ) {
		$role__not_in = (array) $qv['role__not_in'];
	}

	// Capabilities.
	$available_roles = array();

	if ( ! empty( $qv['capability'] ) || ! empty( $qv['capability__in'] ) || ! empty( $qv['capability__not_in'] ) ) {
		$wp_roles->for_site( $blog_id );
		$available_roles = $wp_roles->roles;
	}

	$capabilities = array();
	if ( ! empty( $qv['capability'] ) ) {
		if ( is_array( $qv['capability'] ) ) {
			$capabilities = $qv['capability'];
		} elseif ( is_string( $qv['capability'] ) ) {
			$capabilities = array_map( 'trim', explode( ',', $qv['capability'] ) );
		}
	}

	$capability__in = array();
	if ( ! empty( $qv['capability__in'] ) ) {
		$capability__in = (array) $qv['capability__in'];
	}

	$capability__not_in = array();
	if ( ! empty( $qv['capability__not_in'] ) ) {
		$capability__not_in = (array) $qv['capability__not_in'];
	}

	// Keep track of all capabilities and the roles they're added on.
	$caps_with_roles = array();

	foreach ( $available_roles as $role => $role_data ) {
		$role_caps = array_keys( array_filter( $role_data['capabilities'] ) );

		foreach ( $capabilities as $cap ) {
			if ( in_array( $cap, $role_caps, true ) ) {
				$caps_with_roles[ $cap ][] = $role;
				break;
			}
		}

		foreach ( $capability__in as $cap ) {
			if ( in_array( $cap, $role_caps, true ) ) {
				$role__in[] = $role;
				break;
			}
		}

		foreach ( $capability__not_in as $cap ) {
			if ( in_array( $cap, $role_caps, true ) ) {
				$role__not_in[] = $role;
				break;
			}
		}
	}

	$role__in     = array_merge( $role__in, $capability__in );
	$role__not_in = array_merge( $role__not_in, $capability__not_in );

	$roles        = array_unique( $roles );
	$role__in     = array_unique( $role__in );
	$role__not_in = array_unique( $role__not_in );

	// Support querying by capabilities added directly to users.
	if ( $blog_id && ! empty( $capabilities ) ) {
		$capabilities_clauses = array( 'relation' => 'AND' );

		foreach ( $capabilities as $cap ) {
			$clause = array( 'relation' => 'OR' );

			$clause[] = array(
				'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
				'value'   => '"' . $cap . '"',
				'compare' => 'LIKE',
			);

			if ( ! empty( $caps_with_roles[ $cap ] ) ) {
				foreach ( $caps_with_roles[ $cap ] as $role ) {
					$clause[] = array(
						'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
						'value'   => '"' . $role . '"',
						'compare' => 'LIKE',
					);
				}
			}

			$capabilities_clauses[] = $clause;
		}

		$role_queries[] = $capabilities_clauses;

		if ( empty( $this->meta_query->queries ) ) {
			$this->meta_query->queries[] = $capabilities_clauses;
		} else {
			// Append the cap query to the original queries and reparse the query.
			$this->meta_query->queries = array(
				'relation' => 'AND',
				array( $this->meta_query->queries, array( $capabilities_clauses ) ),
			);
		}

		$this->meta_query->parse_query_vars( $this->meta_query->queries );
	}

	if ( $blog_id && ( ! empty( $roles ) || ! empty( $role__in ) || ! empty( $role__not_in ) || is_multisite() ) ) {
		$role_queries = array();

		$roles_clauses = array( 'relation' => 'AND' );
		if ( ! empty( $roles ) ) {
			foreach ( $roles as $role ) {
				$roles_clauses[] = array(
					'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
					'value'   => '"' . $role . '"',
					'compare' => 'LIKE',
				);
			}

			$role_queries[] = $roles_clauses;
		}

		$role__in_clauses = array( 'relation' => 'OR' );
		if ( ! empty( $role__in ) ) {
			foreach ( $role__in as $role ) {
				$role__in_clauses[] = array(
					'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
					'value'   => '"' . $role . '"',
					'compare' => 'LIKE',
				);
			}

			$role_queries[] = $role__in_clauses;
		}

		$role__not_in_clauses = array( 'relation' => 'AND' );
		if ( ! empty( $role__not_in ) ) {
			foreach ( $role__not_in as $role ) {
				$role__not_in_clauses[] = array(
					'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
					'value'   => '"' . $role . '"',
					'compare' => 'NOT LIKE',
				);
			}

			$role_queries[] = $role__not_in_clauses;
		}

		// If there are no specific roles named, make sure the user is a member of the site.
		if ( empty( $role_queries ) ) {
			$role_queries[] = array(
				'key'     => $wpdb->get_blog_prefix( $blog_id ) . 'capabilities',
				'compare' => 'EXISTS',
			);
		}

		// Specify that role queries should be joined with AND.
		$role_queries['relation'] = 'AND';

		if ( empty( $this->meta_query->queries ) ) {
			$this->meta_query->queries = $role_queries;
		} else {
			// Append the cap query to the original queries and reparse the query.
			$this->meta_query->queries = array(
				'relation' => 'AND',
				array( $this->meta_query->queries, $role_queries ),
			);
		}

		$this->meta_query->parse_query_vars( $this->meta_query->queries );
	}

	if ( ! empty( $this->meta_query->queries ) ) {
		$clauses            = $this->meta_query->get_sql( 'user', $wpdb->users, 'ID', $this );
		$this->query_from  .= $clauses['join'];
		$this->query_where .= $clauses['where'];

		if ( $this->meta_query->has_or_relation() ) {
			$this->query_fields = 'DISTINCT ' . $this->query_fields;
		}
	}

	// Sorting.
	$qv['order'] = isset( $qv['order'] ) ? strtoupper( $qv['order'] ) : '';
	$order       = $this->parse_order( $qv['order'] );

	if ( empty( $qv['orderby'] ) ) {
		// Default order is by 'user_login'.
		$ordersby = array( 'user_login' => $order );
	} elseif ( is_array( $qv['orderby'] ) ) {
		$ordersby = $qv['orderby'];
	} else {
		// 'orderby' values may be a comma- or space-separated list.
		$ordersby = preg_split( '/[,\s]+/', $qv['orderby'] );
	}

	$orderby_array = array();
	foreach ( $ordersby as $_key => $_value ) {
		if ( ! $_value ) {
			continue;
		}

		if ( is_int( $_key ) ) {
			// Integer key means this is a flat array of 'orderby' fields.
			$_orderby = $_value;
			$_order   = $order;
		} else {
			// Non-integer key means this the key is the field and the value is ASC/DESC.
			$_orderby = $_key;
			$_order   = $_value;
		}

		$parsed = $this->parse_orderby( $_orderby );

		if ( ! $parsed ) {
			continue;
		}

		if ( 'nicename__in' === $_orderby || 'login__in' === $_orderby ) {
			$orderby_array[] = $parsed;
		} else {
			$orderby_array[] = $parsed . ' ' . $this->parse_order( $_order );
		}
	}

	// If no valid clauses were found, order by user_login.
	if ( empty( $orderby_array ) ) {
		$orderby_array[] = "user_login $order";
	}

	$this->query_orderby = 'ORDER BY ' . implode( ', ', $orderby_array );

	// Limit.
	if ( isset( $qv['number'] ) && $qv['number'] > 0 ) {
		if ( $qv['offset'] ) {
			$this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['offset'], $qv['number'] );
		} else {
			$this->query_limit = $wpdb->prepare( 'LIMIT %d, %d', $qv['number'] * ( $qv['paged'] - 1 ), $qv['number'] );
		}
	}

	$search = '';
	if ( isset( $qv['search'] ) ) {
		$search = trim( $qv['search'] );
	}

	if ( $search ) {
		$leading_wild  = ( ltrim( $search, '*' ) !== $search );
		$trailing_wild = ( rtrim( $search, '*' ) !== $search );
		if ( $leading_wild && $trailing_wild ) {
			$wild = 'both';
		} elseif ( $leading_wild ) {
			$wild = 'leading';
		} elseif ( $trailing_wild ) {
			$wild = 'trailing';
		} else {
			$wild = false;
		}
		if ( $wild ) {
			$search = trim( $search, '*' );
		}

		$search_columns = array();
		if ( $qv['search_columns'] ) {
			$search_columns = array_intersect( $qv['search_columns'], array( 'ID', 'user_login', 'user_email', 'user_url', 'user_nicename', 'display_name' ) );
		}
		if ( ! $search_columns ) {
			if ( str_contains( $search, '@' ) ) {
				$search_columns = array( 'user_email' );
			} elseif ( is_numeric( $search ) ) {
				$search_columns = array( 'user_login', 'ID' );
			} elseif ( preg_match( '|^https?://|', $search ) && ! ( is_multisite() && wp_is_large_network( 'users' ) ) ) {
				$search_columns = array( 'user_url' );
			} else {
				$search_columns = array( 'user_login', 'user_url', 'user_email', 'user_nicename', 'display_name' );
			}
		}

		/**
		 * Filters the columns to search in a WP_User_Query search.
		 *
		 * The default columns depend on the search term, and include 'ID', 'user_login',
		 * 'user_email', 'user_url', 'user_nicename', and 'display_name'.
		 *
		 * @since 3.6.0
		 *
		 * @param string[]      $search_columns Array of column names to be searched.
		 * @param string        $search         Text being searched.
		 * @param WP_User_Query $query          The current WP_User_Query instance.
		 */
		$search_columns = apply_filters( 'user_search_columns', $search_columns, $search, $this );

		$this->query_where .= $this->get_search_sql( $search, $search_columns, $wild );
	}

	if ( ! empty( $include ) ) {
		// Sanitized earlier.
		$ids                = implode( ',', $include );
		$this->query_where .= " AND $wpdb->users.ID IN ($ids)";
	} elseif ( ! empty( $qv['exclude'] ) ) {
		$ids                = implode( ',', wp_parse_id_list( $qv['exclude'] ) );
		$this->query_where .= " AND $wpdb->users.ID NOT IN ($ids)";
	}

	// Date queries are allowed for the user_registered field.
	if ( ! empty( $qv['date_query'] ) && is_array( $qv['date_query'] ) ) {
		$date_query         = new WP_Date_Query( $qv['date_query'], 'user_registered' );
		$this->query_where .= $date_query->get_sql();
	}

	/**
	 * Fires after the WP_User_Query has been parsed, and before
	 * the query is executed.
	 *
	 * The passed WP_User_Query object contains SQL parts formed
	 * from parsing the given query.
	 *
	 * @since 3.1.0
	 *
	 * @param WP_User_Query $query Current instance of WP_User_Query (passed by reference).
	 */
	do_action_ref_array( 'pre_user_query', array( &$this ) );
}