Bug Report: Invalid SQL IN () on WooCommerce Order Edit Screen

Summary When editing a WooCommerce order in the admin, the plugin can run a database query with an empty <code class=””>IN () clause, causing a MariaDB/MySQL syntax error and logging a WordPress database error.Error Message WordPress database error You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘)’ at line 1 for query SELECT ID AS id, post_title AS name, post_status as status FROM wp_posts p WHERE p.post_type = ‘nab_experiment’ AND p.ID IN ()Stack Trace (relevant portion) do_action(‘load-woocommerce_page_wc-orders’) → Automattic\WooCommerce\Internal\Admin\Orders\PageController->handle_load_page_action → …->prepare_order_edit_form → Automattic\WooCommerce\Internal\Admin\Orders\Edit->setup → do_action(‘add_meta_boxes’) → Nelio_AB_Testing\WooCommerce\Conversion_Action_Library\Order_Completed\add_testing_meta_box → Nelio_AB_Testing\WooCommerce\Conversion_Action_Library\Order_Completed\get_experimentsSteps to Reproduce Ensure at least one A/B test uses the WooCommerce order conversion action ( nab/wc-order ). Create or use an order that has _nab_experiments_with_page_view order meta populated (e.g. the customer visited a tested page before checkout). Ensure that after <code class=””>get_experiments() filters experiment IDs by conversion rules ( does_conversion_selection_match_order ), no experiment IDs remain (e.g. products in the order do not match any experiment’s conversion selection). Open WooCommerce → Orders and edit that order. Observe the database error in the PHP/error log when the Nelio metabox is registered. Root Cause In <code class=””>get_experiments() (approx. lines 170–212), the code correctly returns early when $exp_ids is empty before filtering: $exp_ids = array_map( fn( $k ) => absint( $k ), array_keys( $exp_alt_map ) ); if ( empty( $exp_ids ) ) { return array(); } It then filters $exp_ids with <code class=””>array_filter() based on whether conversion actions match the order. If all IDs are removed, $exp_ids becomes empty, but execution continues and builds: $placeholders = implode( ‘,’, array_fill( 0, count( $exp_ids ), ‘%d’ ) ); // … “… AND p.ID IN ({$placeholders})” With zero placeholders, this becomes <code class=””>IN (), which is invalid SQL.Expected Behavior If no experiment IDs remain after filtering, the function should return an empty array without running the query (same as the early return when $exp_alt_map has no keys).Actual Behavior An invalid <code class=””>SELECT … WHERE p.ID IN () query is executed, triggering a database error on MariaDB/MySQL.Suggested Fix Add a second guard after the array_filter block and before building <code class=””>$placeholders: if ( empty( $exp_ids ) ) { return array(); }Environment (example from affected site) WordPress: (current stable) WooCommerce: HPOS / new orders admin UI (<code class=””>wc-orders) Nelio A/B Testing: 5.x / 6.x+ (WooCommerce order metabox module) Database: MariaDB PHP: 8.x Thanks for the report! Please give me some time to address it. Fixed in version 8.4.0