
Fixed error in database query and applied some best practices #8

Merged
merged 1 commit into from

2 participants

@jrfnl
Collaborator

No description provided.

@jdevalk jdevalk merged commit 417da33 into from
@jdevalk
Owner

Thanks! This might end up in its own plugin at some point though, as it adds bulk to a plugin used by millions for only a few users.

Commits on Oct 22, 2013
  1. @jrfnl
Showing with 18 additions and 13 deletions.
  1. +11 −11 frontend/class-frontend.php
  2. +2 −1  inc/class-tracking.php
  3. +5 −1 readme.txt
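--- a/frontend/class-frontend.php
+++ b/frontend/class-frontend.php
@@ -518,21 +518,21 @@ function wpec_transaction_tracking( $push ) {
 if ( !isset( $cart_log_id ) || empty( $cart_log_id ) )
 return $push;
- $city = $wpdb->get_var( "SELECT tf.value
- FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " tf
- LEFT JOIN " . WPSC_TABLE_CHECKOUT_FORMS . " cf
+ $city = $wpdb->get_var( $wpdb->prepare( "SELECT tf.value
+ FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " AS tf
+ LEFT JOIN " . WPSC_TABLE_CHECKOUT_FORMS . " AS cf
 ON cf.id = tf.form_id
 WHERE cf.type = 'city'
- AND log_id = " . $cart_log_id );
+ AND log_id = %s", $cart_log_id ) );
- $country = $wpdb->get_var( "SELECT tf.value
- FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " tf
- LEFT JOIN " . WPSC_TABLE_CHECKOUT_FORMS . " cf
+ $country = $wpdb->get_var( $wpdb->prepare( "SELECT tf.value
+ FROM " . WPSC_TABLE_SUBMITED_FORM_DATA . " AS tf
+ LEFT JOIN " . WPSC_TABLE_CHECKOUT_FORMS . " AS cf
 ON cf.id = tf.form_id
 WHERE cf.type = 'country'
- AND log_id = " . $cart_log_id );
+ AND log_id = %s", $cart_log_id ) );
- $cart_items = $wpdb->get_results( "SELECT * FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = " . $cart_log_id, ARRAY_A );
+ $cart_items = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM " . WPSC_TABLE_CART_CONTENTS . " WHERE purchaseid = %s", $cart_log_id ), ARRAY_A );
 $total_shipping = $purchlogs->allpurchaselogs[0]->base_shipping;
 $total_tax = 0;
@@ -551,9 +551,9 @@ function wpec_transaction_tracking( $push ) {
 . "'" . $country . "'"; // Country
 foreach ( $cart_items as $item ) {
- $item['sku'] = $wpdb->get_var( "SELECT meta_value FROM " . WPSC_TABLE_PRODUCTMETA . " WHERE meta_key = 'sku' AND product_id = '" . $item['prodid'] . "' LIMIT 1" );
+ $item['sku'] = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM " . WPSC_TABLE_PRODUCTMETA . " WHERE meta_key = 'sku' AND product_id = %s LIMIT 1", $item['prodid'] ) );
- $item['category'] = $wpdb->get_var( "SELECT pc.name FROM " . WPSC_TABLE_PRODUCT_CATEGORIES . " pc LEFT JOIN " . WPSC_TABLE_ITEM_CATEGORY_ASSOC . " ca ON pc.id = ca.category_id WHERE pc.group_id = '1' AND ca.product_id = '" . $item['prodid'] . "'" );
+ $item['category'] = $wpdb->get_var( $wpdb->prepare( "SELECT pc.name FROM " . WPSC_TABLE_PRODUCT_CATEGORIES . " AS pc LEFT JOIN " . WPSC_TABLE_ITEM_CATEGORY_ASSOC . " AS ca ON pc.id = ca.category_id WHERE pc.group_id = '1' AND ca.product_id = %s", $item['prodid'] ) );
 $push[] = "'_addItem',"
 . "'" . $cart_log_id . "'," // Order ID
 . "'" . $item['sku'] . "'," // Item SKU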
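Review bot: The values returned by the now-prepared queries are still concatenated unescaped into single-quoted JavaScript strings, for example `. "'" . $country . "'"; // Country` and the `'_addItem'` entry built from `$cart_log_id` and `$item['sku']`. City and country appear to come from submitted checkout form data, so a quote character in them would terminate the string early unless `$push` is escaped later, which is not visible here. Escaping at the point of concatenation, `. "'" . esc_js( $country ) . "'"`, would cover the output side the same way `prepare()` now covers the query side. Separately, `log_id`, `purchaseid` and `product_id` look like integer keys, so `%d` would be a tighter placeholder than `%s` if the columns are indeed integers. The body of `wpec_transaction_tracking()` starts and ends outside these hunks.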
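--- a/inc/class-tracking.php
+++ b/inc/class-tracking.php
@@ -110,7 +110,8 @@ function tracking() {
 'name' => get_bloginfo( 'name' ),
 'version' => get_bloginfo( 'version' ),
 'multisite' => is_multisite(),
- 'users' => $wpdb->get_var( "SELECT COUNT(*) FROM wp_users INNER JOIN wp_usermeta ON (wp_users.ID = wp_usermeta.user_id) WHERE 1 = 1 AND ( wp_usermeta.meta_key = 'wp_{$blog_id}_capabilities' ) " ),
+ 'users' => $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->users INNER JOIN $wpdb->usermeta ON ({$wpdb->users}.ID = {$wpdb->usermeta}.user_id) WHERE 1 = 1 AND ( {$wpdb->usermeta}.meta_key = %s )", 'wp_' . $blog_id . '_capabilities' ) ),
+
 'lang' => get_locale(),
 ),
 'pts' => $pts,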
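Review bot: The meta key passed to `prepare()` still hard-codes the `wp_` prefix (`'wp_' . $blog_id . '_capabilities'`), although the same line now takes the table names from `$wpdb->users` and `$wpdb->usermeta`. On an install with a custom table prefix, and for a main site whose capabilities key normally carries no blog id, the count will likely come back as zero. Building the key from the database object, `$wpdb->get_blog_prefix( $blog_id ) . 'capabilities'`, keeps it in step with the tables. `$blog_id` is defined outside the hunk, so its value here should be confirmed; the empty added line inside the array literal can also be dropped.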
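--- a/readme.txt
+++ b/readme.txt
@@ -58,6 +58,10 @@ This section describes how to install the plugin and get it working.
 == Changelog ==
+= Trunk =
+
+* Bugfix: Fixed error in a database query as reported by [mikeotgaar](http://wordpress.org/support/topic/wordpress-database-error-table-1) and applied some best practices for the database queries - props [Jrf](http://profiles.wordpress.org/jrf).
+
 = 4.3.3 =
 * Fix a possible fatal error in tracking.
@@ -380,4 +384,4 @@ Because that's where it belongs. It makes the page load faster (yes, faster, due
 4. Screenshot of the advanced settings panel.
 5. Screenshot of the debugging mode in action.
-== Upgrade Notice ==
+== Upgrade Notice ==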