Index: wp-includes/comment.php =================================================================== --- wp-includes/comment.php (revision 7826) +++ wp-includes/comment.php (working copy) @@ -593,10 +593,7 @@ if ( ! isset($user_id) ) $user_id = 0; - $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments - (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) - VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", - $comment_post_ID, $comment_author, $comment_author_email, $comment_author_url, $comment_author_IP, $comment_date, $comment_date_gmt, $comment_content, $comment_approved, $comment_agent, $comment_type, $comment_parent, $user_id) ); + $wpdb->insert($wpdb->comments, compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_author_IP', 'comment_date', 'comment_date_gmt', 'comment_content', 'comment_approved', 'comment_agent', 'comment_type', 'comment_parent', 'user_id')); $id = (int) $wpdb->insert_id; @@ -719,15 +716,16 @@ function wp_set_comment_status($comment_id, $comment_status) { global $wpdb; + $update = false; switch ( $comment_status ) { case 'hold': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id); + $update = array('comment_approved' => '0'); break; case 'approve': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id); + $update = array('comment_approved' => '1'); break; case 'spam': - $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id); + $update = array('comment_approved' => 'spam'); break; case 'delete': return wp_delete_comment($comment_id); @@ -736,7 +734,7 @@ return false; } - if ( !$wpdb->query($query) ) + if ( $update && ! $wpdb->update($wpdb->comments, $update, array('comment_ID' => $comment_id)) ) return false; clean_comment_cache($comment_id); @@ -781,23 +779,7 @@ $comment_date_gmt = get_gmt_from_date($comment_date); - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET - comment_content = %s, - comment_author = %s, - comment_author_email = %s, - comment_approved = %s, - comment_author_url = %s, - comment_date = %s, - comment_date_gmt = %s - WHERE comment_ID = %d", - $comment_content, - $comment_author, - $comment_author_email, - $comment_approved, - $comment_author_url, - $comment_date, - $comment_date_gmt, - $comment_ID) ); + $wpdb->update($wpdb->comments, compact('comment_content', 'comment_author', 'comment_author_email', 'comment_approved', 'comment_author_url', 'comment_date', 'comment_date_gmt'), compact('comment_ID') ); $rval = $wpdb->rows_affected; @@ -1053,7 +1035,7 @@ $to_ping = get_to_ping($post_id); $pinged = get_pung($post_id); if ( empty($to_ping) ) { - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); + $wpdb->update($wpdb->posts, array('to_ping' => ''), array('ID' => $post_id) ); return; } Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 7826) +++ wp-includes/functions.php (working copy) @@ -328,7 +328,8 @@ wp_cache_set( $option_name, $newvalue, 'options' ); } - $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); + $wpdb->update($wpdb->options, array('option_value' => $newvalue), array('option_name' => $option_name) ); + if ( $wpdb->rows_affected == 1 ) { do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); return true; @@ -370,7 +371,7 @@ wp_cache_set( 'notoptions', $notoptions, 'options' ); } - $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); + $wpdb->insert($wpdb->options, array('option_name' => $name, 'option_value' => $value, 'autoload' => $autoload) ); do_action( "add_option_{$name}", $name, $value ); return; @@ -528,8 +529,7 @@ $allowed_types = array( 'video', 'audio' ); if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { $meta_value = "$url\n$len\n$type\n"; - $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) - VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) ); + $wpdb->insert($wpdb->postmeta, array('post_id' => $post_ID, 'meta_key' => 'enclosure', 'meta_value' => $meta_value) ); } } } Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 7826) +++ wp-includes/pluggable.php (working copy) @@ -1196,8 +1196,8 @@ global $wpdb; $hash = wp_hash_password($password); - $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id); - $wpdb->query($query); + $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) ); + wp_cache_delete($user_id, 'users'); } endif; Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (revision 7826) +++ wp-includes/post.php (working copy) @@ -378,7 +378,7 @@ global $wpdb; $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); - $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); + $return = $wpdb->update($wpdb->posts, array('post_type' => $post_type), array('ID' => $post_id) ); if ( 'page' == $post_type ) clean_page_cache($post_id); Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 7826) +++ wp-includes/taxonomy.php (working copy) @@ -1191,7 +1191,7 @@ } else { // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; - $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) ); + $wpdb->update($wpdb->terms, compact('term_group'), array('term_id' => $alias->term_id) ); } } Index: wp-includes/user.php =================================================================== --- wp-includes/user.php (revision 7826) +++ wp-includes/user.php (working copy) @@ -189,15 +189,12 @@ } $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); - if ( !$cur ) { - $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) - VALUES - ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); - } else if ( $cur->meta_value != $meta_value ) { - $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); - } else { + if ( !$cur ) + $wpdb->insert($wpdb->usermeta, compact('user_id', 'meta_key', 'meta_value') ); + else if ( $cur->meta_value != $meta_value ) + $wpdb->update($wpdb->usermeta, compact('meta_value'), compact('user_id', 'meta_key') ); + else return false; - } wp_cache_delete($user_id, 'users'); Index: wp-login.php =================================================================== --- wp-login.php (revision 7826) +++ wp-login.php (working copy) @@ -96,7 +96,7 @@ $key = wp_generate_password(); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db - $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); + $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n"; Index: xmlrpc.php =================================================================== --- xmlrpc.php (revision 7826) +++ xmlrpc.php (working copy) @@ -1352,7 +1352,7 @@ if( is_array( $attachments ) ) { foreach( $attachments as $file ) { if( strpos( $post_content, $file->guid ) !== false ) { - $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); + $wpdb->update($wpdb->posts, array('post_parent' => $post_ID), array('ID' => $file->ID) ); } } }