Index: wp-comments-post.php =================================================================== --- wp-comments-post.php (revision 10428) +++ wp-comments-post.php (working copy) @@ -19,6 +19,7 @@ $comment_post_ID = (int) $_POST['comment_post_ID']; +// @RawSQLUse, trivial_implementation $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); if ( empty($status->comment_status) ) { Index: wp-login.php =================================================================== --- wp-login.php (revision 10428) +++ wp-login.php (working copy) @@ -133,12 +133,14 @@ else if ( is_wp_error($allow) ) return $allow; + // @RawSQLUse, trivial_implementation $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); if ( empty($key) ) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db + // @RawSQLUse, method_exists $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; @@ -169,6 +171,7 @@ if ( empty( $key ) ) return new WP_Error('invalid_key', __('Invalid key')); + // @RawSQLUse, trivial_implementation $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); if ( empty( $user ) ) return new WP_Error('invalid_key', __('Invalid key')); Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 10428) +++ wp-includes/taxonomy.php (working copy) @@ -248,6 +248,7 @@ $taxonomies = "'" . implode("', '", $taxonomies) . "'"; $terms = "'" . implode("', '", $terms) . "'"; + // @RawSQLUse, algorithmic $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($terms) ORDER BY tr.object_id $order"); if ( ! $object_ids ) @@ -317,6 +318,7 @@ $term = $term->term_id; $term = (int) $term; if ( ! $_term = wp_cache_get($term, $taxonomy) ) { + // @RawSQLUse, algorithmic $_term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.term_id = %s LIMIT 1", $taxonomy, $term) ); wp_cache_add($term, $_term, $taxonomy); } @@ -386,6 +388,7 @@ $value = (int) $value; } + // @RawSQLUse, algorithmic $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) ); if ( !$term ) return false; @@ -590,6 +593,7 @@ * @param string|array $args The values of what to search for when returning terms * @return array|WP_Error List of Term Objects and their children. Will return WP_Error, if any of $taxonomies do not exist. */ + function &get_terms($taxonomies, $args = '') { global $wpdb; $empty_array = array(); @@ -759,6 +763,7 @@ else if ( 'names' == $fields ) $select_this = 't.term_id, tt.parent, tt.count, t.name'; + // @RawSQLUse, algorithmic $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit"; $terms = $wpdb->get_results($query); @@ -839,7 +844,9 @@ function is_term($term, $taxonomy = '') { global $wpdb; + // @RawSQLUse, algorithmic $select = "SELECT term_id FROM $wpdb->terms as t WHERE "; + // @RawSQLUse, algorithmic $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE "; if ( is_int($term) ) { @@ -859,15 +866,17 @@ $else_where = 't.name = %s'; if ( !empty($taxonomy) ) { + // @RawSQLUse, algorithmic if ( $result = $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $slug, $taxonomy), ARRAY_A) ) return $result; - + // @RawSQLUse, algorithmic return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A); } - + // @RawSQLUse, algorithmic if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) ) return $result; + // @RawSQLUse, algorithmic return $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $else_where", $term) ); } @@ -1017,6 +1026,7 @@ if ( $ignore_empty ) $where = 'AND count > 0'; + // @RawSQLUse, simple_code return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) ); } @@ -1046,6 +1056,7 @@ foreach ( (array) $taxonomies as $taxonomy ) { $tt_ids = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids'); $in_tt_ids = "'" . implode("', '", $tt_ids) . "'"; + // @RawSQLUse, algorithmic $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_tt_ids)", $object_id) ); wp_update_term_count($tt_ids, $taxonomy); } @@ -1106,6 +1117,7 @@ $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) ); } + // @RawSQLUse, trivial_implementation $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) ); foreach ( (array) $objects as $object ) { @@ -1118,10 +1130,13 @@ wp_set_object_terms($object, $terms, $taxonomy); } + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) ); // Delete the term if no taxonomies use it. + // @RawSQLUse, simple_code if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) ); clean_term_cache($term, $taxonomy); @@ -1164,6 +1179,7 @@ * @param array|string $args Change what is returned * @return array|WP_Error The requested term data or empty array if no terms found. WP_Error if $taxonomy does not exist. */ + function wp_get_object_terms($object_ids, $taxonomies, $args = array()) { global $wpdb; @@ -1225,6 +1241,7 @@ else if ( 'all_with_object_id' == $fields ) $select_this = 't.*, tt.*, tr.object_id'; + // @RawSQLUse, algorithmic $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tr.object_id IN ($object_ids) ORDER BY $orderby $order"; if ( 'all' == $fields || 'all_with_object_id' == $fields ) { @@ -1233,6 +1250,7 @@ } else if ( 'ids' == $fields || 'names' == $fields ) { $terms = array_merge($terms, $wpdb->get_col($query)); } else if ( 'tt_ids' == $fields ) { + // @RawSQLUse, algorithmic $terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id IN ($object_ids) AND tt.taxonomy IN ($taxonomies) ORDER BY tr.term_taxonomy_id $order"); } @@ -1322,13 +1340,16 @@ $term_group = 0; if ( $alias_of ) { + // @RawSQLUse, trivial_implementation $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); if ( $alias->term_group ) { // The alias we want is already in a group, so let's use that one. $term_group = $alias->term_group; } else { // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. + // @RawSQLUse, simple_code $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) ); } } @@ -1351,6 +1372,7 @@ $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) ); } + // @RawSQLUse, algorithmic $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id ) ); if ( !empty($tt_id) ) @@ -1423,6 +1445,7 @@ $tt_id = $term_info['term_taxonomy_id']; $tt_ids[] = $tt_id; + // @RawSQLUse, trivial_implementation if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) ) continue; $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) ); @@ -1434,6 +1457,7 @@ $delete_terms = array_diff($old_tt_ids, $tt_ids); if ( $delete_terms ) { $in_delete_terms = "'" . implode("', '", $delete_terms) . "'"; + // @RawSQLUse, algorithmic $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) ); wp_update_term_count($delete_terms, $taxonomy); } @@ -1448,6 +1472,7 @@ if ( in_array($tt_id, $final_tt_ids) ) $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tt_id, ++$term_order); if ( $values ) + // @RawSQLUse, simple_code $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); } @@ -1498,8 +1523,10 @@ // If we didn't get a unique slug, try appending a number to make it unique. if ( !empty($args['term_id']) ) + // @RawSQLUse, algorithmic $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] ); else + // @RawSQLUse, trivial_implementation $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug ); if ( $wpdb->get_var( $query ) ) { @@ -1507,6 +1534,7 @@ do { $alt_slug = $slug . "-$num"; $num++; + // @RawSQLUse, trivial_implementation $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) ); } while ( $slug_check ); $slug = $alt_slug; @@ -1586,18 +1614,21 @@ } if ( $alias_of ) { + // @RawSQLUse, trivial_implementation $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); if ( $alias->term_group ) { // The alias we want is already in a group, so let's use that one. $term_group = $alias->term_group; } else { // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. + // @RawSQLUse, simple_code $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; $wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) ); } } // Check for duplicate slug + // @RawSQLUse, trivial_implementation $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) ); if ( $id && ($id != $term_id) ) { // If an empty slug was passed or the parent changed, reset the slug to something unique. @@ -1615,6 +1646,7 @@ $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) ); } + // @RawSQLUse, algorithmic $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) ); $wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) ); @@ -1717,6 +1749,7 @@ } else { // Default count updater foreach ( (array) $terms as $term) { + // @RawSQLUse, simple_code $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term) ); $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) ); } @@ -1785,6 +1818,7 @@ // If no taxonomy, assume tt_ids. if ( empty($taxonomy) ) { $tt_ids = implode(', ', $ids); + // @RawSQLUse, algorithmic $terms = $wpdb->get_results("SELECT term_id, taxonomy FROM $wpdb->term_taxonomy WHERE term_taxonomy_id IN ($tt_ids)"); foreach ( (array) $terms as $term ) { $taxonomies[] = $term->taxonomy; @@ -2053,6 +2087,7 @@ } // Get the object and term ids and stick them in a lookup table + // @RawSQLUse, algorithmic $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'"); foreach ( $results as $row ) { $id = $term_ids[$row->term_taxonomy_id]; @@ -2099,6 +2134,7 @@ global $wpdb; foreach ( (array) $terms as $term ) { + // @RawSQLUse, simple_code $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term ) ); $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) ); } Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (revision 10428) +++ wp-includes/post.php (working copy) @@ -224,6 +224,7 @@ $post = $post->ID; $post = (int) $post; if ( ! $_post = wp_cache_get($post, 'posts') ) { + // @RawSQLUse, simple_code $_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); if ( ! $_post ) return $null; @@ -424,6 +425,7 @@ global $wpdb; $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); + // @RawSQLUse, method_exists $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); if ( 'page' == $post_type ) @@ -519,6 +521,7 @@ // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); + // @RawSQLUse, trivial_implementation if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) return false; @@ -559,16 +562,20 @@ $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); if ( empty( $meta_value ) ) + // @RawSQLUse, trivial_implementation $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else + // @RawSQLUse, trivial_implementation $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); if ( !$meta_id ) return false; if ( empty( $meta_value ) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); wp_cache_delete($post_id, 'post_meta'); @@ -637,6 +644,7 @@ // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { return add_post_meta($post_id, $meta_key, $meta_value); } @@ -667,6 +675,7 @@ */ function delete_post_meta_by_key($post_meta_key) { global $wpdb; + // @RawSQLUse, trivial_implementation if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { /** @todo Get post_ids and delete cache */ // wp_cache_delete($post_id, 'post_meta'); @@ -950,6 +959,7 @@ $cache_key = $type; + // @RawSQLUse, simple_code $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s"; if ( 'readable' == $perm && is_user_logged_in() ) { if ( !current_user_can("read_private_{$type}s") ) { @@ -994,6 +1004,7 @@ global $wpdb; $and = wp_post_mime_type_where( $mime_type ); + // @RawSQLUse, simple_code $count = $wpdb->get_results( "SELECT post_mime_type, COUNT( * ) AS num_posts FROM $wpdb->posts WHERE post_type = 'attachment' $and GROUP BY post_mime_type", ARRAY_A ); $stats = array( ); @@ -1101,6 +1112,7 @@ function wp_delete_post($postid = 0) { global $wpdb, $wp_rewrite; + // @RawSQLUse, trivial_implementation if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; @@ -1127,6 +1139,7 @@ } // Point children of this page to its parent, also clean the cache of affected children + // @RawSQLUse, trivial_implementation $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid); $children = $wpdb->get_results($children_query); @@ -1136,6 +1149,7 @@ } // Do raw query. wp_get_post_revisions() is filtered + // @RawSQLUse, trivial_implementation $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) ); // Use wp_delete_post (via wp_delete_post_revision) again. Ensures any meta/misplaced data gets cleaned up. foreach ( $revision_ids as $revision_id ) @@ -1144,10 +1158,13 @@ // Point all attachments to this post up one level $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); if ( 'page' == $post->post_type ) { @@ -1258,6 +1275,7 @@ $limit = "LIMIT $num"; } + // @RawSQLUse, simple_code $sql = "SELECT * FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC $limit"; $result = $wpdb->get_results($sql,ARRAY_A); @@ -1467,12 +1485,14 @@ $post_password = ''; if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) { + // @RawSQLUse, algorithmic $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { $suffix = 2; do { $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix"; + // @RawSQLUse, algorithmic $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_type, $post_ID, $post_parent)); $suffix++; } while ($post_name_check); @@ -1500,6 +1520,7 @@ // If there is a suggested ID, use it if not already present if ( !empty($import_id) ) { $import_id = (int) $import_id; + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { $data['ID'] = $import_id; } @@ -1814,6 +1835,7 @@ */ function add_ping($post_id, $uri) { global $wpdb; + // @RawSQLUse, trivial_implementation $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); @@ -1863,6 +1885,7 @@ */ function get_pung($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); @@ -1881,6 +1904,7 @@ */ function get_to_ping($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); $to_ping = trim($to_ping); $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); @@ -1935,6 +1959,7 @@ global $wpdb; if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) { + // @RawSQLUse, trivial_implementation $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); wp_cache_add('all_page_ids', $page_ids, 'posts'); } @@ -1988,6 +2013,7 @@ foreach( (array) $page_paths as $pathdir) $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); + // @RawSQLUse, algorithmic $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND (post_type = 'page' OR post_type = 'attachment')", $leaf_path )); if ( empty($pages) ) @@ -1997,6 +2023,7 @@ $path = '/' . $leaf_path; $curpage = $page; while ($curpage->post_parent != 0) { + // @RawSQLUse, trivial_implementation $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); $path = '/' . $curpage->post_name . $path; } @@ -2020,6 +2047,7 @@ */ function get_page_by_title($page_title, $output = OBJECT) { global $wpdb; + // @RawSQLUse, trivial_implementation $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); if ( $page ) return get_page($page, $output); @@ -2114,7 +2142,9 @@ * * @param mixed $args Optional. Array or string of options that overrides defaults. * @return array List of pages matching defaults or $args + * @RawSQLUse, algorithmic */ + function &get_pages($args = '') { global $wpdb; @@ -2221,6 +2251,7 @@ if ( $parent >= 0 ) $where .= $wpdb->prepare(' AND post_parent = %d ', $parent); + // @RawSQLUse, algorithmic $query = "SELECT * FROM $wpdb->posts $join WHERE (post_type = 'page' AND post_status = 'publish') $where "; $query .= $author_query; $query .= " ORDER BY " . $sort_column . " " . $sort_order ; @@ -2374,6 +2405,7 @@ $post_name = sanitize_title($post_name); // expected_slashed ($post_name) + // @RawSQLUse, algorithmic $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID)); if ($post_name_check) { @@ -2381,6 +2413,7 @@ while ($post_name_check) { $alt_post_name = $post_name . "-$suffix"; // expected_slashed ($alt_post_name, $post_name) + // @RawSQLUse, algorithmic $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent)); $suffix++; } @@ -2437,6 +2470,7 @@ // If there is a suggested ID, use it if not already present if ( !empty($import_id) ) { $import_id = (int) $import_id; + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { $data['ID'] = $import_id; } @@ -2484,6 +2518,7 @@ function wp_delete_attachment($postid) { global $wpdb; + // @RawSQLUse, trivial_implementation if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; @@ -2498,16 +2533,20 @@ /** @todo Delete for pluggable post taxonomies too */ wp_delete_object_term_relationships($postid, array('category', 'post_tag')); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); $uploadPath = wp_upload_dir(); if ( ! empty($meta['thumb']) ) { // Don't delete the thumb if another attachment uses it + // @RawSQLUse, algorithmic if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { $thumbfile = str_replace(basename($file), $meta['thumb'], $file); $thumbfile = apply_filters('wp_delete_file', $thumbfile); @@ -2832,7 +2871,9 @@ * * @param string $post_type currently only supports 'post' or 'page'. * @return string SQL code that can be added to a where clause. + * @RawSQLUse, algorithmic */ + function get_private_posts_cap_sql($post_type) { global $user_ID; $cap = ''; @@ -2894,12 +2935,15 @@ if ( !isset($cache_lastpostdate[$blog_id][$timezone]) ) { switch(strtolower($timezone)) { case 'gmt': + // @RawSQLUse, simple_code $lastpostdate = $wpdb->get_var("SELECT post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); break; case 'blog': + // @RawSQLUse, simple_code $lastpostdate = $wpdb->get_var("SELECT post_date FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); break; case 'server': + // @RawSQLUse, simple_code $lastpostdate = $wpdb->get_var("SELECT DATE_ADD(post_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); break; } @@ -2933,12 +2977,15 @@ if ( !isset($cache_lastpostmodified[$blog_id][$timezone]) ) { switch(strtolower($timezone)) { case 'gmt': + // @RawSQLUse, simple_code $lastpostmodified = $wpdb->get_var("SELECT post_modified_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); break; case 'blog': + // @RawSQLUse, simple_code $lastpostmodified = $wpdb->get_var("SELECT post_modified FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); break; case 'server': + // @RawSQLUse, simple_code $lastpostmodified = $wpdb->get_var("SELECT DATE_ADD(post_modified_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); break; } @@ -3003,6 +3050,7 @@ do_action('clean_post_cache', $id); + // @RawSQLUse, trivial_implementation if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) { foreach( $children as $cid ) clean_post_cache( $cid ); @@ -3119,6 +3167,7 @@ // Get post-meta info $id_list = join(',', $ids); $cache = array(); + // @RawSQLUse, algorithmic if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN ($id_list)", ARRAY_A) ) { foreach ( (array) $meta_list as $metarow) { $mpid = (int) $metarow['post_id']; @@ -3283,6 +3332,7 @@ return; $id = $_post->ancestors[] = $_post->post_parent; + // @RawSQLUse, simple_code while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) { if ( $id == $ancestor ) break; Index: wp-includes/comment.php =================================================================== --- wp-includes/comment.php (revision 10428) +++ wp-includes/comment.php (working copy) @@ -80,12 +80,14 @@ $domain = $uri['host']; $uri = parse_url( get_option('home') ); $home_domain = $uri['host']; + // @RawSQLUse, algorithmic if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) return true; else return false; } elseif ( $author != '' && $email != '' ) { // expected_slashed ($author, $email) + // @RawSQLUse, simple_code $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); if ( ( 1 == $ok_to_comment ) && ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) ) @@ -110,6 +112,7 @@ */ function get_approved_comments($post_id) { global $wpdb; + // @RawSQLUse, simple_code return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id)); } @@ -145,6 +148,7 @@ if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) { $_comment = & $GLOBALS['comment']; } elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) { + // @RawSQLUse, simple_code $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment)); wp_cache_add($_comment->comment_ID, $_comment, 'comment'); } @@ -231,6 +235,7 @@ else $post_where = ''; + // @RawSQLUse, algorithmic $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE $post_where $approved ORDER BY $orderby $order $number" ); wp_cache_add( $cache_key, $comments, 'comment' ); @@ -281,12 +286,15 @@ switch ( strtolower($timezone)) { case 'gmt': + // @RawSQLUse, simple_code $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1"); break; case 'blog': + // @RawSQLUse, simple_code $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1"); break; case 'server': + // @RawSQLUse, simple_code $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server)); break; } @@ -319,6 +327,7 @@ $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id); } + // @RawSQLUse, simple_code $totals = (array) $wpdb->get_results(" SELECT comment_approved, COUNT( * ) AS total FROM {$wpdb->comments} @@ -418,6 +427,7 @@ if ( $user_id ) { $userdata = get_userdata($user_id); $user = new WP_User($user_id); + // @RawSQLUse, simple_code $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); } @@ -459,6 +469,7 @@ global $wpdb; if ( current_user_can( 'manage_options' ) ) return; // don't throttle admins + // @RawSQLUse, algorithmic if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) { $time_lastcomment = mysql2date('U', $lasttime); $time_newcomment = mysql2date('U', $date); @@ -592,6 +603,7 @@ $comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : ''; // Count comments older than this one + // @RawSQLUse, algorithmic $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) ); // No older comments? Then it's page #1. @@ -692,6 +704,7 @@ if( $post_id > 0 ) $where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id ); + // @RawSQLUse, simple_code $count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A ); $total = 0; @@ -736,6 +749,7 @@ $comment = get_comment($comment_id); + // @RawSQLUse, trivial_implementation if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) ) return false; @@ -878,6 +892,7 @@ if ( ! isset($comment_type) ) $comment_type = ''; + // @RawSQLUse, method_exists $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", @@ -1016,9 +1031,11 @@ switch ( $comment_status ) { case 'hold': + // @RawSQLUse, simple_code $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id); break; case 'approve': + // @RawSQLUse, simple_code $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id); if ( get_option('comments_notify') ) { $comment = get_comment($comment_id); @@ -1026,6 +1043,7 @@ } break; case 'spam': + // @RawSQLUse, simple_code $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id); break; case 'delete': @@ -1091,6 +1109,7 @@ else if ( 'approve' == $comment_approved ) $comment_approved = 1; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET comment_content = %s, comment_author = %s, @@ -1205,7 +1224,9 @@ return false; $old = (int) $post->comment_count; + // @RawSQLUse, trivial_implementation $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) ); if ( 'page' == $post->post_type ) @@ -1291,18 +1312,23 @@ global $wpdb; // Do pingbacks + // @RawSQLUse, simple_code while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { + // @RawSQLUse, trivial_implementation $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); pingback($ping->post_content, $ping->ID); } // Do Enclosures + // @RawSQLUse, simple_code while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) ); do_enclose($enclosure->post_content, $enclosure->ID); } // Do Trackbacks + // @RawSQLUse, algorithmic $trackbacks = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE to_ping <> '' AND post_status = 'publish'"); if ( is_array($trackbacks) ) foreach ( $trackbacks as $trackback ) @@ -1323,10 +1349,12 @@ function do_trackbacks($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) ); $to_ping = get_to_ping($post_id); $pinged = get_pung($post_id); if ( empty($to_ping) ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); return; } @@ -1348,6 +1376,7 @@ trackback($tb_ping, $post_title, $excerpt, $post_id); $pinged[] = $tb_ping; } else { + // @RawSQLUse, simple_code $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); } } @@ -1501,7 +1530,9 @@ return; $tb_url = addslashes( $trackback_url ); + // @RawSQLUse, simple_code $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) ); + // @RawSQLUse, simple_code return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) ); } Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 10428) +++ wp-includes/functions.php (working copy) @@ -331,6 +331,7 @@ if ( defined( 'WP_INSTALLING' ) ) $suppress = $wpdb->suppress_errors(); // expected_slashed ($setting) + // @RawSQLUse, simple_code $row = $wpdb->get_row( "SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1" ); if ( defined( 'WP_INSTALLING' ) ) $wpdb->suppress_errors($suppress); @@ -407,7 +408,9 @@ function get_alloptions() { global $wpdb; $show = $wpdb->hide_errors(); + // @RawSQLUse, trivial_implementation if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) + // @RawSQLUse, trivial_implementation $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); $wpdb->show_errors($show); @@ -441,7 +444,9 @@ if ( !$alloptions ) { $suppress = $wpdb->suppress_errors(); + // @RawSQLUse, trivial_implementation if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) + // @RawSQLUse, trivial_implementation $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); $wpdb->suppress_errors($suppress); $alloptions = array(); @@ -514,6 +519,7 @@ wp_cache_set( $option_name, $newvalue, 'options' ); } + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); if ( $wpdb->rows_affected == 1 ) { do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); @@ -581,6 +587,7 @@ wp_cache_set( 'notoptions', $notoptions, 'options' ); } + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); do_action( "add_option_{$name}", $name, $value ); @@ -604,10 +611,12 @@ // Get the ID, if no ID then return // expected_slashed ($name) + // @RawSQLUse, trivial_implementation $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" ); if ( is_null($option) || !$option->option_id ) return false; // expected_slashed ($name) + // @RawSQLUse, trivial_implementation $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" ); if ( 'yes' == $option->autoload ) { $alloptions = wp_load_alloptions(); @@ -987,6 +996,7 @@ } foreach ( (array) $post_links as $url ) { + // @RawSQLUse, algorithmic if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) { if ( $headers = wp_get_http_headers( $url) ) { $len = (int) $headers['content-length']; @@ -994,6 +1004,7 @@ $allowed_types = array( 'video', 'audio' ); if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { $meta_value = "$url\n$len\n$type\n"; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) ); } @@ -1537,6 +1548,7 @@ return true; $suppress = $wpdb->suppress_errors(); + // @RawSQLUse, trivial_implementation $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); $wpdb->suppress_errors($suppress); Index: wp-includes/comment-template.php =================================================================== --- wp-includes/comment-template.php (revision 10428) +++ wp-includes/comment-template.php (working copy) @@ -814,10 +814,13 @@ /** @todo Use API instead of SELECTs. */ if ( $user_ID) { + // @RawSQLUse, algorithmic $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $user_ID)); } else if ( empty($comment_author) ) { + // @RawSQLUse, simple_code $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID)); } else { + // @RawSQLUse, algorithmic $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email)); } Index: wp-includes/user.php =================================================================== --- wp-includes/user.php (revision 10428) +++ wp-includes/user.php (working copy) @@ -108,6 +108,7 @@ global $wpdb; if ( !$user ) $user = $wpdb->escape($_COOKIE[USER_COOKIE]); + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); } @@ -123,6 +124,7 @@ function get_usernumposts($userid) { global $wpdb; $userid = (int) $userid; + // @RawSQLUse, trivial_implementation $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post')); return apply_filters('get_usernumposts', $count, $userid); } @@ -232,6 +234,7 @@ global $wpdb, $blog_id; if ( empty($id) ) $id = (int) $blog_id; + // @RawSQLUse, simple_code $users = $wpdb->get_results( "SELECT user_id, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); return $users; } @@ -262,8 +265,10 @@ $meta_value = trim( $meta_value ); if ( ! empty($meta_value) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) ); else + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); wp_cache_delete($user_id, 'users'); @@ -300,8 +305,10 @@ if ( false !== $user && isset($user->$meta_key) ) $metas = array($user->$meta_key); else + // @RawSQLUse, trivial_implementation $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); } else { + // @RawSQLUse, trivial_implementation $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) ); } @@ -352,12 +359,15 @@ return delete_usermeta($user_id, $meta_key); } + // @RawSQLUse, trivial_implementation $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); if ( !$cur ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) VALUES ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); } else if ( $cur->meta_value != $meta_value ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); } else { return false; @@ -458,6 +468,7 @@ $r = wp_parse_args( $args, $defaults ); extract( $r, EXTR_SKIP ); + // @RawSQLUse, algorithmic $query = "SELECT * FROM $wpdb->users"; $query_where = array(); @@ -529,6 +540,7 @@ global $wpdb; $show = $wpdb->hide_errors(); + // @RawSQLUse, trivial_implementation $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID)); $wpdb->show_errors($show); Index: wp-includes/query.php =================================================================== --- wp-includes/query.php (revision 10428) +++ wp-includes/query.php (working copy) @@ -1922,6 +1922,7 @@ $taxonomy_field = $item == 'tag_slug__and' ? 'slug' : 'term_id'; $q[$item] = array_unique($q[$item]); + // @RawSQLUse, algorithmic $tsql = "SELECT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->term_relationships tr ON (p.ID = tr.object_id) INNER JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) INNER JOIN $wpdb->terms t ON (tt.term_id = t.term_id)"; $tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')"; $tsql .= " GROUP BY p.ID HAVING count(p.ID) = " . count($q[$item]); @@ -2186,6 +2187,7 @@ $cgroupby = apply_filters('comment_feed_groupby', $cgroupby); } + // @RawSQLUse, algorithmic $this->comments = (array) $wpdb->get_results("SELECT $distinct $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere $cgroupby ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss')); $this->comment_count = count($this->comments); @@ -2242,6 +2244,7 @@ if ( !empty($limits) ) $found_rows = 'SQL_CALC_FOUND_ROWS'; + // @RawSQLUse, algorithmic $this->request = " SELECT $found_rows $distinct $fields FROM $wpdb->posts $join WHERE 1=1 $where $groupby $orderby $limits"; if ( !$q['suppress_filters'] ) $this->request = apply_filters('posts_request', $this->request); @@ -2254,6 +2257,7 @@ if ( !empty($this->posts) && $this->is_comment_feed && $this->is_singular ) { $cjoin = apply_filters('comment_feed_join', ''); $cwhere = apply_filters('comment_feed_where', "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'"); + // @RawSQLUse, algorithmic $comments_request = "SELECT $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss'); $this->comments = $wpdb->get_results($comments_request); $this->comment_count = count($this->comments); @@ -2323,6 +2327,7 @@ // Fetch sticky posts that weren't in the query results if ( !empty($sticky_posts) ) { $stickies__in = implode(',', array_map( 'absint', $sticky_posts )); + // @RawSQLUse, algorithmic $stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in)" ); /** @todo Make sure post is published or viewable by the current user */ foreach ( $stickies as $sticky_post ) { @@ -2615,6 +2620,7 @@ if ( is_404() && '' != $wp_query->query_vars['name'] ) : global $wpdb; + // @RawSQLUse, simple_code $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'"; // if year, monthnum, or day have been specified, make our query more precise Index: wp-includes/bookmark.php =================================================================== --- wp-includes/bookmark.php (revision 10428) +++ wp-includes/bookmark.php (working copy) @@ -32,6 +32,7 @@ if ( isset($GLOBALS['link']) && ($GLOBALS['link']->link_id == $bookmark) ) { $_bookmark = & $GLOBALS['link']; } elseif ( ! $_bookmark = wp_cache_get($bookmark, 'bookmark') ) { + // @RawSQLUse, simple_code $_bookmark = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->links WHERE link_id = %d LIMIT 1", $bookmark)); $_bookmark->link_category = array_unique( wp_get_object_terms($_bookmark->link_id, 'link_category', 'fields=ids') ); wp_cache_add($_bookmark->link_id, $_bookmark, 'bookmark'); @@ -241,6 +242,7 @@ if ( $hide_invisible ) $visible = "AND link_visible = 'Y'"; + // @RawSQLUse, algorithmic $query = "SELECT * $length $recently_updated_test $get_updated FROM $wpdb->links $join WHERE 1=1 $visible $category_query"; $query .= " $exclusions $inclusions $search"; $query .= " ORDER BY $orderby $order"; Index: wp-includes/link-template.php =================================================================== --- wp-includes/link-template.php (revision 10428) +++ wp-includes/link-template.php (working copy) @@ -900,6 +900,7 @@ $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare("WHERE p.post_date $op %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories ); $sort = apply_filters( "get_{$adjacent}_post_sort", "ORDER BY p.post_date $order LIMIT 1" ); + // @RawSQLUse, algorithmic return $wpdb->get_row("SELECT p.* FROM $wpdb->posts AS p $join $where $sort"); } Index: wp-includes/author-template.php =================================================================== --- wp-includes/author-template.php (revision 10428) +++ wp-includes/author-template.php (working copy) @@ -472,9 +472,11 @@ $return = ''; /** @todo Move select to get_authors(). */ + // @RawSQLUse, algorithmic $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name"); $author_count = array(); + // @RawSQLUse, simple_code foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author") as $row) { $author_count[$row->post_author] = $row->count; } Index: wp-includes/rewrite.php =================================================================== --- wp-includes/rewrite.php (revision 10428) +++ wp-includes/rewrite.php (working copy) @@ -782,6 +782,7 @@ global $wpdb; //get pages in order of hierarchy, i.e. children after parents + // @RawSQLUse, trivial_implementation $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'")); //now reverse it, because we need parents after children for rewrite rules to work properly $posts = array_reverse($posts, true); @@ -795,6 +796,7 @@ foreach ($posts as $id => $post) { // URL => page name $uri = get_page_uri($id); + // @RawSQLUse, trivial_implementation $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); if ( $attachments ) { foreach ( $attachments as $attachment ) { Index: wp-includes/general-template.php =================================================================== --- wp-includes/general-template.php (revision 10428) +++ wp-includes/general-template.php (working copy) @@ -422,6 +422,7 @@ } if ( !empty($author_name) ) { // We do a direct query here because we don't cache by nicename. + // @RawSQLUse, trivial_implementation $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name)); } @@ -510,6 +511,7 @@ if ( intval($p) || '' != $name ) { if ( !$p ) + // @RawSQLUse, trivial_implementation $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name)); $post = & get_post($p); $title = $post->post_title; @@ -760,6 +762,7 @@ $output = ''; if ( 'monthly' == $type ) { + // @RawSQLUse, simple_code $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC $limit"; $key = md5($query); $cache = wp_cache_get( 'wp_get_archives' , 'general'); @@ -781,6 +784,7 @@ } } } elseif ('yearly' == $type) { + // @RawSQLUse, simple_code $query = "SELECT DISTINCT YEAR(post_date) AS `year`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date) ORDER BY post_date DESC $limit"; $key = md5($query); $cache = wp_cache_get( 'wp_get_archives' , 'general'); @@ -802,6 +806,7 @@ } } } elseif ( 'daily' == $type ) { + // @RawSQLUse, simple_code $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, DAYOFMONTH(post_date) AS `dayofmonth`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date), DAYOFMONTH(post_date) ORDER BY post_date DESC $limit"; $key = md5($query); $cache = wp_cache_get( 'wp_get_archives' , 'general'); @@ -825,6 +830,7 @@ } } elseif ( 'weekly' == $type ) { $start_of_week = get_option('start_of_week'); + // @RawSQLUse, simple_code $query = "SELECT DISTINCT WEEK(post_date, $start_of_week) AS `week`, YEAR(post_date) AS yr, DATE_FORMAT(post_date, '%Y-%m-%d') AS yyyymmdd, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY WEEK(post_date, $start_of_week), YEAR(post_date) ORDER BY post_date DESC $limit"; $key = md5($query); $cache = wp_cache_get( 'wp_get_archives' , 'general'); @@ -855,6 +861,7 @@ } } elseif ( ( 'postbypost' == $type ) || ('alpha' == $type) ) { $orderby = ('alpha' == $type) ? "post_title ASC " : "post_date DESC "; + // @RawSQLUse, algorithmic $query = "SELECT * FROM $wpdb->posts $join $where ORDER BY $orderby $limit"; $key = md5($query); $cache = wp_cache_get( 'wp_get_archives' , 'general'); @@ -927,6 +934,7 @@ ob_start(); // Quick check. If we have no posts at all, abort! if ( !$posts ) { + // @RawSQLUse, simple_code $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' ORDER BY post_date DESC LIMIT 1"); if ( !$gotsome ) return; @@ -946,6 +954,7 @@ // We need to get the month from MySQL $thisyear = ''.intval(substr($m, 0, 4)); $d = (($w - 1) * 7) + 6; //it seems MySQL's weeks disagree with PHP's + // @RawSQLUse, simple_code $thismonth = $wpdb->get_var("SELECT DATE_FORMAT((DATE_ADD('${thisyear}0101', INTERVAL $d DAY) ), '%m')"); } elseif ( !empty($m) ) { $thisyear = ''.intval(substr($m, 0, 4)); @@ -961,12 +970,14 @@ $unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear); // Get the next and previous month and year with at least one post + // @RawSQLUse, algorithmic $previous = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year FROM $wpdb->posts WHERE post_date < '$thisyear-$thismonth-01' AND post_type = 'post' AND post_status = 'publish' ORDER BY post_date DESC LIMIT 1"); + // @RawSQLUse, algorithmic $next = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year FROM $wpdb->posts WHERE post_date > '$thisyear-$thismonth-01' @@ -1024,6 +1035,7 @@ '; // Get days with posts + // @RawSQLUse, algorithmic $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date) FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth' AND YEAR(post_date) = '$thisyear' @@ -1043,6 +1055,7 @@ $ak_title_separator = ', '; $ak_titles_for_day = array(); + // @RawSQLUse, algorithmic $ak_post_titles = $wpdb->get_results("SELECT post_title, DAYOFMONTH(post_date) as dom " ."FROM $wpdb->posts " ."WHERE YEAR(post_date) = '$thisyear' " Index: wp-includes/canonical.php =================================================================== --- wp-includes/canonical.php (revision 10428) +++ wp-includes/canonical.php (working copy) @@ -68,6 +68,7 @@ if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) { + // @RawSQLUse, trivial_implementation $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) ); if ( isset($vars[0]) && $vars = $vars[0] ) { @@ -328,6 +329,7 @@ if ( get_query_var('day') ) $where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day')); + // @RawSQLUse, algorithmic $post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'"); if ( !$post_id ) return false; Index: wp-includes/deprecated.php =================================================================== --- wp-includes/deprecated.php (revision 10428) +++ wp-includes/deprecated.php (working copy) @@ -1120,6 +1120,7 @@ _deprecated_function(__FUNCTION__, '0.0' ); if ( $count ) + // @RawSQLUse, trivial_implementation $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links"); $javascript = ""; Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 10428) +++ wp-includes/pluggable.php (working copy) @@ -130,6 +130,7 @@ if ( $user ) return $user; + // @RawSQLUse, simple_code if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) ) return false; @@ -164,6 +165,7 @@ if ( false !== $user ) return $user; + // @RawSQLUse, trivial_implementation if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) ) return false; @@ -194,6 +196,7 @@ if ( false !== $user ) return $user; + // @RawSQLUse, trivial_implementation if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) ) return false; @@ -1002,10 +1005,13 @@ if( get_option( "moderation_notify" ) == 0 ) return true; + // @RawSQLUse, simple_code $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id)); + // @RawSQLUse, simple_code $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID)); $comment_author_domain = @gethostbyaddr($comment->comment_author_IP); + // @RawSQLUse, simple_code $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); switch ($comment->comment_type) @@ -1455,6 +1461,7 @@ global $wpdb; $hash = wp_hash_password($password); + // @RawSQLUse, method_exists $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id); $wpdb->query($query); wp_cache_delete($user_id, 'users'); Index: wp-includes/widgets.php =================================================================== --- wp-includes/widgets.php (revision 10428) +++ wp-includes/widgets.php (working copy) @@ -1390,6 +1390,7 @@ $number = 15; if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) { + // @RawSQLUse, simple_code $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT $number"); wp_cache_add( 'recent_comments', $comments, 'widget' ); } Index: wp-includes/rss.php =================================================================== --- wp-includes/rss.php (revision 10428) +++ wp-includes/rss.php (working copy) @@ -715,8 +715,10 @@ $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts'; // shouldn't these be using get_option() ? + // @RawSQLUse, trivial_implementation if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) ) add_option($cache_option, '', '', 'no'); + // @RawSQLUse, trivial_implementation if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) ) add_option($cache_timestamp, '', '', 'no'); Index: xmlrpc.php =================================================================== --- xmlrpc.php (revision 10428) +++ xmlrpc.php (working copy) @@ -765,6 +765,7 @@ do_action('xmlrpc_call', 'wp.getPageList'); // Get list of pages ids and titles + // @RawSQLUse, simple_code $page_list = $wpdb->get_results(" SELECT ID page_id, post_title page_title, @@ -2273,10 +2274,12 @@ global $wpdb; // find any unattached files + // @RawSQLUse, trivial_implementation $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" ); if( is_array( $attachments ) ) { foreach( $attachments as $file ) { if( strpos( $post_content, $file->guid ) !== false ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); } } @@ -2852,6 +2855,7 @@ if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { // Get postmeta info on the object. + // @RawSQLUse, trivial_implementation $old_file = $wpdb->get_row(" SELECT ID FROM {$wpdb->posts} @@ -3126,6 +3130,7 @@ return new IXR_Error(404, __('Sorry, no such post.')); } + // @RawSQLUse, trivial_implementation $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { @@ -3250,6 +3255,7 @@ } elseif (is_string($urltest['fragment'])) { // ...or a string #title, a little more complicated $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); + // @RawSQLUse, trivial_implementation $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); if (! ($post_ID = $wpdb->get_var($sql)) ) { // returning unknown error '0' is better than die()ing @@ -3279,6 +3285,7 @@ return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); // Let's check that the remote site didn't already pingback this entry + // @RawSQLUse, trivial_implementation $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); if ( $wpdb->num_rows ) // We already have a Pingback from this URL @@ -3394,6 +3401,7 @@ return new IXR_Error(32, __('The specified target URL does not exist.')); } + // @RawSQLUse, trivial_implementation $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { Index: wp-trackback.php =================================================================== --- wp-trackback.php (revision 10428) +++ wp-trackback.php (working copy) @@ -97,6 +97,7 @@ $comment_content = "$title\n\n$excerpt"; $comment_type = 'trackback'; + // @RawSQLUse, trivial_implementation $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) ); if ( $dupe ) trackback_response(1, 'We already have a ping from that URL for this post.'); Index: wp-admin/update-links.php =================================================================== --- wp-admin/update-links.php (revision 10428) +++ wp-admin/update-links.php (working copy) @@ -18,6 +18,7 @@ if ( !get_option('use_linksupdate') ) wp_die(__('Feature disabled.')); +// @RawSQLUse, trivial_implementation $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links"); if ( !$link_uris ) @@ -50,6 +51,7 @@ foreach ($returns as $return) : $time = substr($return, 0, 19); $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) ); endforeach; Index: wp-admin/users.php =================================================================== --- wp-admin/users.php (revision 10428) +++ wp-admin/users.php (working copy) @@ -153,6 +153,7 @@ $go_delete = true; } } + // @RawSQLUse, simple_code $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); $user_dropdown = ' Index: wp-admin/import/blogger.php =================================================================== --- wp-admin/import/blogger.php (revision 10428) +++ wp-admin/import/blogger.php (working copy) @@ -647,6 +647,7 @@ if ( !isset( $blog['authors'] ) ) { $post_ids = array_values($blog['posts']); + // @RawSQLUse, algorithmic $authors = (array) $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN (" . join( ',', $post_ids ) . ")"); $blog['authors'] = array_map(null, $authors, array_fill(0, count($authors), $current_user->ID)); $this->save_vars(); @@ -685,8 +686,10 @@ $host = $this->blogs[$importing_blog]['host']; // Get an array of posts => authors + // @RawSQLUse, trivial_implementation $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) ); $post_ids = join( ',', $post_ids ); + // @RawSQLUse, algorithmic $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)"); foreach ( $results as $row ) $authors_posts[$row->post_id] = $row->meta_value; @@ -702,6 +705,7 @@ $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] ); $post_ids = join( ',', $post_ids); + // @RawSQLUse, algorithmic $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) ); $this->blogs[$importing_blog]['authors'][$author][1] = $user_id; } @@ -762,6 +766,7 @@ $this->revoke( $options['token'] ); delete_option('blogger_importer'); + // @RawSQLUse, trivial_implementation $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'"); wp_redirect('?import=blogger'); } Index: wp-admin/import/textpattern.php =================================================================== --- wp-admin/import/textpattern.php (revision 10428) +++ wp-admin/import/textpattern.php (working copy) @@ -20,6 +20,7 @@ function get_comment_count($post_ID) { global $wpdb; + // @RawSQLUse, simple_code return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); } } @@ -38,6 +39,7 @@ function link_exists($linkname) { global $wpdb; + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) ); } } @@ -84,6 +86,7 @@ $prefix = get_option('tpre'); // Get Categories + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT id, name, @@ -103,6 +106,7 @@ // Get Users + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT user_id, name, @@ -120,6 +124,7 @@ $prefix = get_option('tpre'); // Get Posts + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT ID, Posted, @@ -147,6 +152,7 @@ $prefix = get_option('tpre'); // Get Comments + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A); } @@ -157,6 +163,7 @@ set_magic_quotes_runtime(0); $prefix = get_option('tpre'); + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT id, date, Index: wp-admin/import/wordpress.php =================================================================== --- wp-admin/import/wordpress.php (revision 10428) +++ wp-admin/import/wordpress.php (working copy) @@ -663,8 +663,10 @@ global $wpdb; foreach ($this->url_remap as $from_url => $to_url) { // remap urls in post_content + // @RawSQLUse, simple_code $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, '%s', '%s')", $from_url, $to_url) ); // remap enclosure urls + // @RawSQLUse, simple_code $result = $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = REPLACE(meta_value, '%s', '%s') WHERE meta_key='enclosure'", $from_url, $to_url) ); } } @@ -677,6 +679,7 @@ $local_child_id = $this->post_ids_processed[$child_id]; $local_parent_id = $this->post_ids_processed[$parent_id]; if ($local_child_id and $local_parent_id) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id)); } } Index: wp-admin/upload.php =================================================================== --- wp-admin/upload.php (revision 10428) +++ wp-admin/upload.php (working copy) @@ -20,8 +20,10 @@ if ( ! current_user_can('edit_posts') ) wp_die( __('You are not allowed to scan for lost attachments.') ); - + + // @RawSQLUse, algorithmic $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'"); + // @RawSQLUse, trivial_implementation $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'"); $lost = array(); @@ -53,6 +55,7 @@ if ( ! empty($attach) ) { $attach = implode(',', $attach); + // @RawSQLUse, algorithmic $attached = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ($attach)", $parent_id) ); } @@ -113,10 +116,13 @@ $page_links_total = ceil(count($lost) / 50); $lost = implode(',', $lost); + // @RawSQLUse, algorithmic $orphans = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'attachment' AND ID IN ($lost) LIMIT $start, 50" ); } else { $start = ( $_GET['paged'] - 1 ) * 25; + // @RawSQLUse, algorithmic $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" ); + // @RawSQLUse, trivial_implementation $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25); } @@ -253,6 +259,7 @@ posts WHERE post_type = 'attachment' ORDER BY post_date DESC"; $arc_result = $wpdb->get_results( $arc_query ); Index: wp-admin/edit-form-advanced.php =================================================================== --- wp-admin/edit-form-advanced.php (revision 10428) +++ wp-admin/edit-form-advanced.php (working copy) @@ -438,6 +438,7 @@ on this post') ?>

get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID)); if ( !$post_ID || $post_ID < 0 || 1 > $total ) Index: wp-admin/edit.php =================================================================== --- wp-admin/edit.php (revision 10428) +++ wp-admin/edit.php (working copy) @@ -200,6 +200,7 @@ posts WHERE post_type = 'post' ORDER BY post_date DESC"; $arc_result = $wpdb->get_results( $arc_query ); Index: wp-admin/options.php =================================================================== --- wp-admin/options.php (revision 10428) +++ wp-admin/options.php (working copy) @@ -95,6 +95,7 @@ get_results("SELECT * FROM $wpdb->options ORDER BY option_name"); foreach ( (array) $options as $option) : Index: wp-admin/link.php =================================================================== --- wp-admin/link.php (revision 10428) +++ wp-admin/link.php (working copy) @@ -58,6 +58,7 @@ } $all_links = join(',', $linkcheck); // should now have an array of links we can change + // @RawSQLUse, algorithmic //$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)"); wp_redirect($this_file); Index: wp-admin/export.php =================================================================== --- wp-admin/export.php (revision 10428) +++ wp-admin/export.php (working copy) @@ -39,6 +39,7 @@