Automattic\WooCommerce\Internal\DataStores\Orders

OrdersTableQuery::where()publicWC 1.0

Generates a properly escaped and sanitized WHERE condition for a given field.

Method of the class: OrdersTableQuery{}

No Hooks.

Return

String. The resulting WHERE condition.

Usage

$OrdersTableQuery = new OrdersTableQuery();
$OrdersTableQuery->where( $table, $field, $operator, $value, $type ): string;
$table(string) (required)
The table the field belongs to.
$field(string) (required)
The field or column name.
$operator(string) (required)
The operator to use in the condition. or 'IN' depending on $value.
Default: '='
$value(mixed) (required)
The value.
$type(string) (required)
The column type as specified in OrdersTableDataStore{} column mappings.

OrdersTableQuery::where() code WC 8.7.0

woocommerce/src/Internal/DataStores/Orders/OrdersTableQuery.php 
public function where( string $table, string $field, string $operator, $value, string $type ): string {
	global $wpdb;

	$db_util  = wc_get_container()->get( DatabaseUtil::class );
	$operator = strtoupper( '' !== $operator ? $operator : '=' );

	try {
		$format = $db_util->get_wpdb_format_for_type( $type );
	} catch ( \Exception $e ) {
		$format = '%s';
	}

	// = and != can be shorthands for IN and NOT in for array values.
	if ( is_array( $value ) && '=' === $operator ) {
		$operator = 'IN';
	} elseif ( is_array( $value ) && '!=' === $operator ) {
		$operator = 'NOT IN';
	}

	if ( ! in_array( $operator, array( '=', '!=', 'IN', 'NOT IN' ), true ) ) {
		return false;
	}

	if ( is_array( $value ) ) {
		$value = array_map( array( $db_util, 'format_object_value_for_db' ), $value, array_fill( 0, count( $value ), $type ) );
	} else {
		$value = $db_util->format_object_value_for_db( $value, $type );
	}

	if ( is_array( $value ) ) {
		$placeholder = array_fill( 0, count( $value ), $format );
		$placeholder = '(' . implode( ',', $placeholder ) . ')';
	} else {
		$placeholder = $format;
	}

	$sql = $wpdb->prepare( "{$table}.{$field} {$operator} {$placeholder}", $value ); // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared,WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare

	return $sql;
}