Permalink
Browse files

Prepare DB queries in more places. Props filosofo. see #6644

git-svn-id: http://svn.automattic.com/wordpress/trunk@7645 1a063a9b-81f0-0310-95a4-ce76da25c4cd
  • Loading branch information...
1 parent 796ae71 commit 248a0c06e2f1c1a00028b28337c22d994caa8744 ryan committed Apr 14, 2008
View
@@ -15,7 +15,7 @@
if ( strstr( $s, ',' ) )
die; // it's a multiple tag insert, we won't find anything
- $results = $wpdb->get_col( "SELECT name FROM $wpdb->terms WHERE name LIKE ('%$s%')" );
+ $results = $wpdb->get_col( $wpdb->prepare("SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", '%' . $s . '%') );
echo join( $results, "\n" );
die;
}
@@ -12,8 +12,7 @@
$comments_deleted = $comments_approved = $comments_unapproved = $comments_spammed = 0;
foreach ($_REQUEST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment;
- $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
- // $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
+ $post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment) );
if ( !current_user_can('edit_post', $post_id) )
continue;
if ( !empty( $_REQUEST['spamit'] ) ) {
View
@@ -175,7 +175,7 @@
if ( 1 == count($posts) && is_singular() ) :
- $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
if ( $comments ) :
// Make sure comments, post, and post_author are cached
update_comment_cache($comments);
View
@@ -205,7 +205,7 @@
if ( 1 == count($posts) && is_singular() ) :
- $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
if ( $comments ) :
// Make sure comments, post, and post_author are cached
update_comment_cache($comments);
@@ -641,7 +641,7 @@ function save_authors() {
$host = $this->blogs[$importing_blog]['host'];
// Get an array of posts => authors
- $post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
+ $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
$post_ids = join( ',', $post_ids );
$results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
foreach ( $results as $row )
@@ -658,7 +658,7 @@ function save_authors() {
$post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
$post_ids = join( ',', $post_ids);
- $wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
$this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
}
$this->save_vars();
@@ -13,7 +13,7 @@
function get_comment_count($post_ID)
{
global $wpdb;
- return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+ return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
}
}
@@ -22,7 +22,7 @@ function get_comment_count($post_ID)
function link_exists($linkname)
{
global $wpdb;
- return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+ return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
}
}
@@ -8,7 +8,7 @@
function get_comment_count($post_ID)
{
global $wpdb;
- return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+ return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
}
}
@@ -17,7 +17,7 @@ function get_comment_count($post_ID)
function link_exists($linkname)
{
global $wpdb;
- return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+ return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
}
}
@@ -164,27 +164,27 @@ function convert_them() {
$id = $id['term_taxonomy_id'];
$posts = get_objects_in_term($category->term_id, 'category');
foreach ( $posts as $post ) {
- if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") )
- $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')");
+ if ( !$wpdb->get_var( $wpdb->prepare("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $post, $id) ) )
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES (%d, %d)", $post, $id) );
clean_post_cache($post);
}
} else {
- $tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+ $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
if ( $tt_ids ) {
$posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
foreach ( (array) $posts as $post )
clean_post_cache($post);
}
// Change the category to a tag.
- $wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
- $terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+ $terms = $wpdb->get_col( $wpdb->prepare("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
foreach ( (array) $terms as $term )
clean_category_cache($term);
// Set all parents to 0 (root-level) if their parent was the converted tag
- $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
}
// Clean the cache
clean_category_cache($category->term_id);
@@ -47,7 +47,7 @@ function wp_delete_link($link_id) {
wp_delete_object_term_relationships($link_id, 'link_category');
- $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
do_action('deleted_link', $link_id);
@@ -119,15 +119,14 @@ function wp_insert_link($linkdata) {
}
if ( $update ) {
- $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
- link_name='$link_name', link_image='$link_image',
- link_target='$link_target',
- link_visible='$link_visible', link_description='$link_description',
- link_rating='$link_rating', link_rel='$link_rel',
- link_notes='$link_notes', link_rss = '$link_rss'
- WHERE link_id='$link_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+ link_name = %s, link_image = %s, link_target = %s,
+ link_visible = %s, link_description = %s, link_rating = %s,
+ link_rel = %s, link_notes = %s, link_rss = %s
+ WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
} else {
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+ $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
$link_id = (int) $wpdb->insert_id;
}
@@ -3,8 +3,8 @@
function comment_exists($comment_author, $comment_date) {
global $wpdb;
- return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments
- WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'");
+ return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
+ WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
}
function edit_comment() {
@@ -67,7 +67,7 @@ function get_comment_to_edit( $id ) {
function get_pending_comments_num( $post_id ) {
global $wpdb;
$post_id = (int) $post_id;
- $pending = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '0'" );
+ $pending = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '0'", $post_id) );
return $pending;
}
@@ -17,7 +17,7 @@ function export_wp($author='') {
$where = '';
if ( $author and $author != 'all' ) {
$author_id = (int) $author;
- $where = " WHERE post_author = '$author_id' ";
+ $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);
}
// grab a snapshot of post IDs, just in case it changes during the export
@@ -217,7 +217,7 @@ function wxr_post_taxonomy() {
<wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url>
<?php } ?>
<?php
-$postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
+$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
if ( $postmeta ) {
?>
<?php foreach( $postmeta as $meta ) { ?>
@@ -228,7 +228,7 @@ function wxr_post_taxonomy() {
<?php } ?>
<?php } ?>
<?php
-$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID");
+$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
if ( $comments ) { foreach ( $comments as $c ) { ?>
<wp:comment>
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>
View
@@ -194,13 +194,13 @@ function post_exists($title, $content = '', $post_date = '') {
global $wpdb;
if (!empty ($post_date))
- $post_date = "AND post_date = '$post_date'";
+ $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
if (!empty ($title))
- return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
else
if (!empty ($content))
- return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
return 0;
}
@@ -380,11 +380,9 @@ function add_meta( $post_ID ) {
wp_cache_delete($post_ID, 'post_meta');
- $wpdb->query( "
- INSERT INTO $wpdb->postmeta
- (post_id,meta_key,meta_value )
- VALUES ('$post_ID','$metakey','$metavalue' )
- " );
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
+ (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
+ $post_ID, $metakey, $metavalue) );
return $wpdb->insert_id;
}
return false;
@@ -394,10 +392,10 @@ function delete_meta( $mid ) {
global $wpdb;
$mid = (int) $mid;
- $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+ $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
wp_cache_delete($post_id, 'post_meta');
- return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+ return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
}
// Get a list of previously defined keys
@@ -417,7 +415,7 @@ function get_post_meta_by_id( $mid ) {
global $wpdb;
$mid = (int) $mid;
- $meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+ $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
if ( is_serialized_string( $meta->meta_value ) )
$meta->meta_value = maybe_unserialize( $meta->meta_value );
return $meta;
@@ -427,11 +425,9 @@ function get_post_meta_by_id( $mid ) {
function has_meta( $postid ) {
global $wpdb;
- return $wpdb->get_results( "
- SELECT meta_key, meta_value, meta_id, post_id
- FROM $wpdb->postmeta
- WHERE post_id = '$postid'
- ORDER BY meta_key,meta_id", ARRAY_A );
+ return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
+ FROM $wpdb->postmeta WHERE post_id = %d
+ ORDER BY meta_key,meta_id", $postid), ARRAY_A );
}
@@ -443,13 +439,13 @@ function update_meta( $mid, $mkey, $mvalue ) {
if ( in_array($mkey, $protected) )
return false;
- $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+ $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
wp_cache_delete($post_id, 'post_meta');
$mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid;
- return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
+ return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->postmeta SET meta_key = %s, meta_value = %s WHERE meta_id = %d", $mkey, $mvalue, $mid) );
}
//
@@ -502,7 +498,7 @@ function _relocate_children( $old_ID, $new_ID ) {
global $wpdb;
$old_ID = (int) $old_ID;
$new_ID = (int) $new_ID;
- return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
+ return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
}
function get_available_post_statuses($type = 'post') {
@@ -892,7 +892,7 @@ function page_template_dropdown( $default = '' ) {
function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
global $wpdb, $post_ID;
- $items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" );
+ $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
if ( $items ) {
foreach ( $items as $item ) {
Oops, something went wrong.

0 comments on commit 248a0c0

Please sign in to comment.