SQL_CALC_FOUND_ROWS statements refactored #1203
Conversation
| // Build result count query. | ||
| $count_query = "SELECT COUNT(*) as found | ||
| FROM $wpdb->stream | ||
| {$join} | ||
| WHERE 1=1 {$where}"; | ||
|
|
||
| /** | ||
| * Filter allows the result count query to be modified before execution. | ||
| * | ||
| * @param string $query | ||
| * @param array $args | ||
| * | ||
| * @return string | ||
| */ | ||
| $count_query = apply_filters( 'wp_stream_db_count_query', $count_query, $args ); |
There was a problem hiding this comment.
@ivankruchkoff Here's result count query.
| 'items' => $wpdb->get_results( $query ), // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared | ||
| 'count' => absint( $wpdb->get_var( $count_query ) ), // phpcs:ignore WordPress.DB.PreparedSQL.NotPrepared |
There was a problem hiding this comment.
@ivankruchkoff @kasparsd @derekherman I added explicit ignore comments here. I think don't anymore sanitation needs to be done because all dynamic parts of the query are run thru $wpdb->prepare() earlier in the function.
There was a problem hiding this comment.
Yeah, all the dynamic parts seem to be fine. However, we're now passing those queries through filters as the very last thing. I guess we need to trust that whoever is using that filter will do their job to sanitize the adjusted parts.
| * | ||
| * @return string | ||
| */ | ||
| $count_query = apply_filters( 'wp_stream_db_count_query', $count_query, $args ); |
There was a problem hiding this comment.
I don't think we need a filter here.
There was a problem hiding this comment.
I believe it will be needed, If someone is modifying the select query, they would need to modify the count query as well to make the count match the results shown.
kidunot89
force-pushed
the
bugfix/deprecated-mysql-fix
branch
from
cb56de0
to
be2ff03
Compare
There was a problem hiding this comment.
@kidunot89 Looks like everyone is good with the approach here. Can you please merge this in?
Fixes #1200 .
Checklist
SQL_CALC_FOUND_ROWSremoved from MySQL statements.