Just for anyone else stumbling upon this, $wpdb->prepare() does not create a prepared statement, but rather just escaping values, similar to ye olde mysql_real_escape_string(). As a matter of fact, tracing through the code, you’ll notice it eventually ends up calling mysql(i)_real_escape_string() on each parameter.
I’m pretty new to WP but its working for me when both are in the functions.php. Not sure if its a matter of the code getting called too late, idk.
@yakup1981 Are both those code snippets from your functions.php file of your currently set theme?
