fix: some sql prepare statment

getdokan · Dec 13, 2018 · d6aabe0 · d6aabe0
1 parent 983e5d0
commit d6aabe0
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/classes/template-withdraw.php b/classes/template-withdraw.php
@@ -418,13 +418,11 @@ function get_all_withdraws( $user_id, $limit = 100, $offset = 0 ) {
         global $wpdb;
 
         if ( empty( $user_id ) ) {
-            $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} ORDER BY date DESC LIMIT %d, %d", $offset, $limit );
+            $result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} ORDER BY date DESC LIMIT %d, %d", $offset, $limit ) );
         } else {
-            $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE user_id =%d ORDER BY date DESC LIMIT %d, %d", $user_id, $offset, $limit );
+            $result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE user_id =%d ORDER BY date DESC LIMIT %d, %d", $user_id, $offset, $limit ) );
         }
 
-        $result = $wpdb->get_results( $sql );
-
         return $result;
     }
 

diff --git a/classes/withdraw.php b/classes/withdraw.php
@@ -122,13 +122,11 @@ function get_withdraw_requests( $user_id = '', $status = 0, $limit = 10, $offset
         global $wpdb;
 
         if ( empty( $user_id ) ) {
-            $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE status = %d LIMIT %d, %d", $status, $offset, $limit );
+            $result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE status = %d LIMIT %d, %d", $status, $offset, $limit ) );
         } else {
-            $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE user_id = %d AND status = %d LIMIT %d, %d", $user_id, $status, $offset, $limit );
+            $result = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->dokan_withdraw} WHERE user_id = %d AND status = %d LIMIT %d, %d", $user_id, $status, $offset, $limit ) );
         }
 
-        $result = $wpdb->get_results( $sql );
-
         return $result;
     }
 

diff --git a/includes/functions.php b/includes/functions.php
@@ -229,7 +229,12 @@ function dokan_count_posts( $post_type, $user_id ) {
     $counts      = wp_cache_get( $cache_key, $cache_group );
 
     if ( false === $counts ) {
-        $results     = $wpdb->get_results( $wpdb->prepare( apply_filters( 'dokan_count_posts', "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s AND post_author = %d GROUP BY post_status" ), $post_type, $user_id ), ARRAY_A );
+        $results = $wpdb->get_results(
+            // phpcs:disable
+            $wpdb->prepare( apply_filters( 'dokan_count_posts', "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s AND post_author = %d GROUP BY post_status" ), $post_type, $user_id ), // phpcs:disable
+            // phpcs:enable
+            ARRAY_A
+        );
         $post_status = array_keys( dokan_get_post_status() );
         $counts      = array_fill_keys( get_post_stati(), 0 );
         $total       = 0;

diff --git a/includes/product-functions.php b/includes/product-functions.php
@@ -401,7 +401,7 @@ function dokan_search_seller_products( $term, $user_ids = false, $type = '', $in
             $users_where = " AND posts.post_author = '$user_ids'";
         }
     }
-    // phpcs:ignore WordPress.VIP.DirectDatabaseQuery.DirectQuery
+    // phpcs:ignore WordPress.DB.PreparedSQL
     $product_ids = $wpdb->get_col(
         // phpcs:disable
         $wpdb->prepare( "