- $prefix = like_escape($wpdb->base_prefix);
- $wpdb->query( "DELETE FROM $wpdb->usermeta WHERE meta_key LIKE '{$prefix}%meta-box-hidden%' OR meta_key LIKE '{$prefix}%closedpostboxes%' OR meta_key LIKE '{$prefix}%manage-%-columns-hidden%' OR meta_key LIKE '{$prefix}%meta-box-order%' OR meta_key LIKE '{$prefix}%metaboxorder%' OR meta_key LIKE '{$prefix}%screen_layout%'
- OR meta_key = 'manageedittagscolumnshidden' OR meta_key='managecategoriescolumnshidden' OR meta_key = 'manageedit-tagscolumnshidden' OR meta_key = 'manageeditcolumnshidden' OR meta_key = 'categories_per_page' OR meta_key = 'edit_tags_per_page'" );
+ $sql = "DELETE FROM $wpdb->usermeta
+ WHERE meta_key LIKE %s
+ OR meta_key LIKE %s
+ OR meta_key LIKE %s
+ OR meta_key LIKE %s
+ OR meta_key LIKE %s
+ OR meta_key LIKE %s
+ OR meta_key = 'manageedittagscolumnshidden'
+ OR meta_key = 'managecategoriescolumnshidden'
+ OR meta_key = 'manageedit-tagscolumnshidden'
+ OR meta_key = 'manageeditcolumnshidden'
+ OR meta_key = 'categories_per_page'
+ OR meta_key = 'edit_tags_per_page'";
+ $prefix = $wpdb->esc_like( $wpdb->base_prefix );
+ $wpdb->query( $wpdb->prepare( $sql,
+ $prefix . '%' . $wpdb->esc_like( 'meta-box-hidden' ) . '%',
+ $prefix . '%' . $wpdb->esc_like( 'closedpostboxes' ) . '%',
+ $prefix . '%' . $wpdb->esc_like( 'manage-' ) . '%' . $wpdb->esc_like( '-columns-hidden' ) . '%',
+ $prefix . '%' . $wpdb->esc_like( 'meta-box-order' ) . '%',
+ $prefix . '%' . $wpdb->esc_like( 'metaboxorder' ) . '%',
+ $prefix . '%' . $wpdb->esc_like( 'screen_layout' ) . '%'
+ ) );
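Review bot: The escaping order at the `$wpdb->prepare()` call deserves a comment, because `esc_like()` only escapes the LIKE metacharacters (`%`, `_`, `\`) and does not make a value safe for SQL on its own. The code gets this right by running `esc_like()` first, concatenating the `%` wildcards outside it, and leaving quoting to `prepare()`. Above the `$prefix = $wpdb->esc_like( $wpdb->base_prefix );` line I would add `// esc_like() escapes LIKE metacharacters only; prepare() does the SQL quoting. The '%' wildcards are appended outside esc_like() so they stay wildcards.` One behavioural difference to confirm: `screen_layout` now matches a literal underscore, whereas the removed query left that `_` unescaped as a single-character wildcard, so the new DELETE is slightly narrower. The enclosing function is not visible in these lines.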