Index: wp-comments-post.php =================================================================== --- wp-comments-post.php (revision 10451) +++ wp-comments-post.php (working copy) @@ -19,6 +19,7 @@ $comment_post_ID = (int) $_POST['comment_post_ID']; +// @RawSQLUse, trivial_implementation $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); if ( empty($status->comment_status) ) { Index: wp-login.php =================================================================== --- wp-login.php (revision 10451) +++ wp-login.php (working copy) @@ -133,12 +133,14 @@ else if ( is_wp_error($allow) ) return $allow; + // @RawSQLUse, trivial_implementation $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); if ( empty($key) ) { // Generate something random for a key... $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db + // @RawSQLUse, method_exists $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; @@ -169,6 +171,7 @@ if ( empty( $key ) ) return new WP_Error('invalid_key', __('Invalid key')); + // @RawSQLUse, trivial_implementation $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); if ( empty( $user ) ) return new WP_Error('invalid_key', __('Invalid key')); Index: wp-includes/taxonomy.php =================================================================== --- wp-includes/taxonomy.php (revision 10451) +++ wp-includes/taxonomy.php (working copy) @@ -864,7 +864,6 @@ return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A); } - if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) ) return $result; @@ -1106,6 +1105,7 @@ $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) ); } + // @RawSQLUse, trivial_implementation $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) ); foreach ( (array) $objects as $object ) { @@ -1118,10 +1118,12 @@ wp_set_object_terms($object, $terms, $taxonomy); } + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) ); // Delete the term if no taxonomies use it. if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) ); clean_term_cache($term, $taxonomy); @@ -1322,6 +1324,7 @@ $term_group = 0; if ( $alias_of ) { + // @RawSQLUse, trivial_implementation $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); if ( $alias->term_group ) { // The alias we want is already in a group, so let's use that one. @@ -1329,6 +1332,7 @@ } else { // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) ); } } @@ -1423,6 +1427,7 @@ $tt_id = $term_info['term_taxonomy_id']; $tt_ids[] = $tt_id; + // @RawSQLUse, trivial_implementation if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) ) continue; $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) ); @@ -1500,6 +1505,7 @@ if ( !empty($args['term_id']) ) $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] ); else + // @RawSQLUse, trivial_implementation $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug ); if ( $wpdb->get_var( $query ) ) { @@ -1507,6 +1513,7 @@ do { $alt_slug = $slug . "-$num"; $num++; + // @RawSQLUse, trivial_implementation $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) ); } while ( $slug_check ); $slug = $alt_slug; @@ -1586,6 +1593,7 @@ } if ( $alias_of ) { + // @RawSQLUse, trivial_implementation $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); if ( $alias->term_group ) { // The alias we want is already in a group, so let's use that one. @@ -1598,6 +1606,7 @@ } // Check for duplicate slug + // @RawSQLUse, trivial_implementation $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) ); if ( $id && ($id != $term_id) ) { // If an empty slug was passed or the parent changed, reset the slug to something unique. Index: wp-includes/post.php =================================================================== --- wp-includes/post.php (revision 10451) +++ wp-includes/post.php (working copy) @@ -424,6 +424,7 @@ global $wpdb; $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); + // @RawSQLUse, method_exists $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); if ( 'page' == $post_type ) @@ -519,6 +520,7 @@ // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); + // @RawSQLUse, trivial_implementation if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) return false; @@ -559,16 +561,20 @@ $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); if ( empty( $meta_value ) ) + // @RawSQLUse, trivial_implementation $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else + // @RawSQLUse, trivial_implementation $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); if ( !$meta_id ) return false; if ( empty( $meta_value ) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); else + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); wp_cache_delete($post_id, 'post_meta'); @@ -637,6 +643,7 @@ // expected_slashed ($meta_key) $meta_key = stripslashes($meta_key); + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { return add_post_meta($post_id, $meta_key, $meta_value); } @@ -667,6 +674,7 @@ */ function delete_post_meta_by_key($post_meta_key) { global $wpdb; + // @RawSQLUse, trivial_implementation if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { /** @todo Get post_ids and delete cache */ // wp_cache_delete($post_id, 'post_meta'); @@ -1101,6 +1109,7 @@ function wp_delete_post($postid = 0) { global $wpdb, $wp_rewrite; + // @RawSQLUse, trivial_implementation if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; @@ -1127,6 +1136,7 @@ } // Point children of this page to its parent, also clean the cache of affected children + // @RawSQLUse, trivial_implementation $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid); $children = $wpdb->get_results($children_query); @@ -1136,6 +1146,7 @@ } // Do raw query. wp_get_post_revisions() is filtered + // @RawSQLUse, trivial_implementation $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) ); // Use wp_delete_post (via wp_delete_post_revision) again. Ensures any meta/misplaced data gets cleaned up. foreach ( $revision_ids as $revision_id ) @@ -1144,10 +1155,13 @@ // Point all attachments to this post up one level $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); if ( 'page' == $post->post_type ) { @@ -1500,6 +1514,7 @@ // If there is a suggested ID, use it if not already present if ( !empty($import_id) ) { $import_id = (int) $import_id; + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { $data['ID'] = $import_id; } @@ -1814,6 +1829,7 @@ */ function add_ping($post_id, $uri) { global $wpdb; + // @RawSQLUse, trivial_implementation $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); @@ -1863,6 +1879,7 @@ */ function get_pung($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); $pung = trim($pung); $pung = preg_split('/\s/', $pung); @@ -1881,6 +1898,7 @@ */ function get_to_ping($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); $to_ping = trim($to_ping); $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); @@ -1935,6 +1953,7 @@ global $wpdb; if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) { + // @RawSQLUse, trivial_implementation $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); wp_cache_add('all_page_ids', $page_ids, 'posts'); } @@ -1997,6 +2016,7 @@ $path = '/' . $leaf_path; $curpage = $page; while ($curpage->post_parent != 0) { + // @RawSQLUse, trivial_implementation $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); $path = '/' . $curpage->post_name . $path; } @@ -2020,6 +2040,7 @@ */ function get_page_by_title($page_title, $output = OBJECT) { global $wpdb; + // @RawSQLUse, trivial_implementation $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); if ( $page ) return get_page($page, $output); @@ -2114,7 +2135,9 @@ * * @param mixed $args Optional. Array or string of options that overrides defaults. * @return array List of pages matching defaults or $args + * @RawSQLUse, algorithmic */ + function &get_pages($args = '') { global $wpdb; @@ -2437,6 +2460,7 @@ // If there is a suggested ID, use it if not already present if ( !empty($import_id) ) { $import_id = (int) $import_id; + // @RawSQLUse, trivial_implementation if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { $data['ID'] = $import_id; } @@ -2484,6 +2508,7 @@ function wp_delete_attachment($postid) { global $wpdb; + // @RawSQLUse, trivial_implementation if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) return $post; @@ -2498,10 +2523,13 @@ /** @todo Delete for pluggable post taxonomies too */ wp_delete_object_term_relationships($postid, array('category', 'post_tag')); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); $uploadPath = wp_upload_dir(); @@ -2833,6 +2861,7 @@ * @param string $post_type currently only supports 'post' or 'page'. * @return string SQL code that can be added to a where clause. */ + function get_private_posts_cap_sql($post_type) { global $user_ID; $cap = ''; @@ -3003,6 +3032,7 @@ do_action('clean_post_cache', $id); + // @RawSQLUse, trivial_implementation if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) { foreach( $children as $cid ) clean_post_cache( $cid ); Index: wp-includes/comment.php =================================================================== --- wp-includes/comment.php (revision 10451) +++ wp-includes/comment.php (working copy) @@ -736,6 +736,7 @@ $comment = get_comment($comment_id); + // @RawSQLUse, trivial_implementation if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) ) return false; @@ -878,6 +879,7 @@ if ( ! isset($comment_type) ) $comment_type = ''; + // @RawSQLUse, method_exists $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", @@ -1091,6 +1093,7 @@ else if ( 'approve' == $comment_approved ) $comment_approved = 1; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET comment_content = %s, comment_author = %s, @@ -1205,7 +1208,9 @@ return false; $old = (int) $post->comment_count; + // @RawSQLUse, trivial_implementation $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) ); if ( 'page' == $post->post_type ) @@ -1292,12 +1297,14 @@ // Do pingbacks while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { + // @RawSQLUse, trivial_implementation $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); pingback($ping->post_content, $ping->ID); } // Do Enclosures while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) ); do_enclose($enclosure->post_content, $enclosure->ID); } @@ -1323,10 +1330,12 @@ function do_trackbacks($post_id) { global $wpdb; + // @RawSQLUse, trivial_implementation $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) ); $to_ping = get_to_ping($post_id); $pinged = get_pung($post_id); if ( empty($to_ping) ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); return; } Index: wp-includes/functions.php =================================================================== --- wp-includes/functions.php (revision 10451) +++ wp-includes/functions.php (working copy) @@ -407,7 +407,9 @@ function get_alloptions() { global $wpdb; $show = $wpdb->hide_errors(); + // @RawSQLUse, trivial_implementation if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) + // @RawSQLUse, trivial_implementation $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); $wpdb->show_errors($show); @@ -441,7 +443,9 @@ if ( !$alloptions ) { $suppress = $wpdb->suppress_errors(); + // @RawSQLUse, trivial_implementation if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) + // @RawSQLUse, trivial_implementation $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); $wpdb->suppress_errors($suppress); $alloptions = array(); @@ -514,6 +518,7 @@ wp_cache_set( $option_name, $newvalue, 'options' ); } + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); if ( $wpdb->rows_affected == 1 ) { do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); @@ -581,6 +586,7 @@ wp_cache_set( 'notoptions', $notoptions, 'options' ); } + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); do_action( "add_option_{$name}", $name, $value ); @@ -604,10 +610,12 @@ // Get the ID, if no ID then return // expected_slashed ($name) + // @RawSQLUse, trivial_implementation $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" ); if ( is_null($option) || !$option->option_id ) return false; // expected_slashed ($name) + // @RawSQLUse, trivial_implementation $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" ); if ( 'yes' == $option->autoload ) { $alloptions = wp_load_alloptions(); @@ -994,6 +1002,7 @@ $allowed_types = array( 'video', 'audio' ); if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { $meta_value = "$url\n$len\n$type\n"; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) ); } @@ -1537,6 +1546,7 @@ return true; $suppress = $wpdb->suppress_errors(); + // @RawSQLUse, trivial_implementation $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); $wpdb->suppress_errors($suppress); Index: wp-includes/user.php =================================================================== --- wp-includes/user.php (revision 10451) +++ wp-includes/user.php (working copy) @@ -154,6 +154,7 @@ global $wpdb; if ( !$user ) $user = $wpdb->escape($_COOKIE[USER_COOKIE]); + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); } @@ -308,8 +309,10 @@ $meta_value = trim( $meta_value ); if ( ! empty($meta_value) ) + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) ); else + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); wp_cache_delete($user_id, 'users'); @@ -397,13 +400,15 @@ if (empty($meta_value)) { return delete_usermeta($user_id, $meta_key); } - + // @RawSQLUse, trivial_implementation $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); if ( !$cur ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) VALUES ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); } else if ( $cur->meta_value != $meta_value ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); } else { return false; @@ -575,6 +580,7 @@ global $wpdb; $show = $wpdb->hide_errors(); + // @RawSQLUse, trivial_implementation $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID)); $wpdb->show_errors($show); Index: wp-includes/rewrite.php =================================================================== --- wp-includes/rewrite.php (revision 10451) +++ wp-includes/rewrite.php (working copy) @@ -782,6 +782,7 @@ global $wpdb; //get pages in order of hierarchy, i.e. children after parents + // @RawSQLUse, trivial_implementation $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'")); //now reverse it, because we need parents after children for rewrite rules to work properly $posts = array_reverse($posts, true); @@ -795,6 +796,7 @@ foreach ($posts as $id => $post) { // URL => page name $uri = get_page_uri($id); + // @RawSQLUse, trivial_implementation $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); if ( $attachments ) { foreach ( $attachments as $attachment ) { Index: wp-includes/general-template.php =================================================================== --- wp-includes/general-template.php (revision 10451) +++ wp-includes/general-template.php (working copy) @@ -422,6 +422,7 @@ } if ( !empty($author_name) ) { // We do a direct query here because we don't cache by nicename. + // @RawSQLUse, trivial_implementation $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name)); } @@ -510,6 +511,7 @@ if ( intval($p) || '' != $name ) { if ( !$p ) + // @RawSQLUse, trivial_implementation $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name)); $post = & get_post($p); $title = $post->post_title; Index: wp-includes/canonical.php =================================================================== --- wp-includes/canonical.php (revision 10451) +++ wp-includes/canonical.php (working copy) @@ -68,6 +68,7 @@ if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) { + // @RawSQLUse, trivial_implementation $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) ); if ( isset($vars[0]) && $vars = $vars[0] ) { Index: wp-includes/deprecated.php =================================================================== --- wp-includes/deprecated.php (revision 10451) +++ wp-includes/deprecated.php (working copy) @@ -1120,6 +1120,7 @@ _deprecated_function(__FUNCTION__, '0.0' ); if ( $count ) + // @RawSQLUse, trivial_implementation $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links"); $javascript = ""; Index: wp-includes/pluggable.php =================================================================== --- wp-includes/pluggable.php (revision 10451) +++ wp-includes/pluggable.php (working copy) @@ -164,6 +164,7 @@ if ( false !== $user ) return $user; + // @RawSQLUse, trivial_implementation if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) ) return false; @@ -194,6 +195,7 @@ if ( false !== $user ) return $user; + // @RawSQLUse, trivial_implementation if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) ) return false; @@ -1444,6 +1451,7 @@ global $wpdb; $hash = wp_hash_password($password); + // @RawSQLUse, method_exists $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id); $wpdb->query($query); wp_cache_delete($user_id, 'users'); Index: wp-includes/rss.php =================================================================== --- wp-includes/rss.php (revision 10451) +++ wp-includes/rss.php (working copy) @@ -715,8 +715,10 @@ $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts'; // shouldn't these be using get_option() ? + // @RawSQLUse, trivial_implementation if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) ) add_option($cache_option, '', '', 'no'); + // @RawSQLUse, trivial_implementation if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) ) add_option($cache_timestamp, '', '', 'no'); Index: xmlrpc.php =================================================================== --- xmlrpc.php (revision 10451) +++ xmlrpc.php (working copy) @@ -2273,10 +2273,12 @@ global $wpdb; // find any unattached files + // @RawSQLUse, trivial_implementation $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" ); if( is_array( $attachments ) ) { foreach( $attachments as $file ) { if( strpos( $post_content, $file->guid ) !== false ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); } } @@ -2852,6 +2854,7 @@ if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { // Get postmeta info on the object. + // @RawSQLUse, trivial_implementation $old_file = $wpdb->get_row(" SELECT ID FROM {$wpdb->posts} @@ -3126,6 +3129,7 @@ return new IXR_Error(404, __('Sorry, no such post.')); } + // @RawSQLUse, trivial_implementation $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { @@ -3250,6 +3254,7 @@ } elseif (is_string($urltest['fragment'])) { // ...or a string #title, a little more complicated $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); + // @RawSQLUse, trivial_implementation $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); if (! ($post_ID = $wpdb->get_var($sql)) ) { // returning unknown error '0' is better than die()ing @@ -3279,6 +3284,7 @@ return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); // Let's check that the remote site didn't already pingback this entry + // @RawSQLUse, trivial_implementation $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); if ( $wpdb->num_rows ) // We already have a Pingback from this URL @@ -3394,6 +3400,7 @@ return new IXR_Error(32, __('The specified target URL does not exist.')); } + // @RawSQLUse, trivial_implementation $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); if (!$comments) { Index: wp-trackback.php =================================================================== --- wp-trackback.php (revision 10451) +++ wp-trackback.php (working copy) @@ -97,6 +97,7 @@ $comment_content = "$title\n\n$excerpt"; $comment_type = 'trackback'; + // @RawSQLUse, trivial_implementation $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) ); if ( $dupe ) trackback_response(1, 'We already have a ping from that URL for this post.'); Index: wp-admin/update-links.php =================================================================== --- wp-admin/update-links.php (revision 10451) +++ wp-admin/update-links.php (working copy) @@ -18,6 +18,7 @@ if ( !get_option('use_linksupdate') ) wp_die(__('Feature disabled.')); +// @RawSQLUse, trivial_implementation $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links"); if ( !$link_uris ) @@ -50,6 +51,7 @@ foreach ($returns as $return) : $time = substr($return, 0, 19); $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) ); endforeach; Index: wp-admin/edit-comments.php =================================================================== --- wp-admin/edit-comments.php (revision 10451) +++ wp-admin/edit-comments.php (working copy) @@ -34,6 +34,7 @@ $deleted = $approved = $unapproved = $spammed = 0; foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each $comment_id = (int) $comment_id; + // @RawSQLUse, trivial_implementation $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) ); if ( !current_user_can('edit_post', $_post_id) ) Index: wp-admin/admin-ajax.php =================================================================== --- wp-admin/admin-ajax.php (revision 10451) +++ wp-admin/admin-ajax.php (working copy) @@ -606,6 +606,7 @@ if ( !current_user_can( 'edit_post', $comment_post_ID ) ) die('-1'); + // @RawSQLUse, trivial_implementation $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); if ( empty($status) ) Index: wp-admin/includes/bookmark.php =================================================================== --- wp-admin/includes/bookmark.php (revision 10451) +++ wp-admin/includes/bookmark.php (working copy) @@ -83,6 +83,7 @@ wp_delete_object_term_relationships( $link_id, 'link_category' ); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->links WHERE link_id = %d", $link_id ) ); do_action( 'deleted_link', $link_id ); @@ -186,6 +187,7 @@ } if ( $update ) { + // @RawSQLUse, method_exists if ( false === $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_url = %s, link_name = %s, link_image = %s, link_target = %s, link_visible = %s, link_description = %s, link_rating = %s, @@ -197,6 +199,7 @@ return 0; } } else { + // @RawSQLUse, method_exists if ( false === $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss ) ) ) { if ( $wp_error ) Index: wp-admin/includes/post.php =================================================================== --- wp-admin/includes/post.php (revision 10451) +++ wp-admin/includes/post.php (working copy) @@ -257,6 +257,7 @@ } if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) { + // @RawSQLUse, trivial_implementation $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'"); $children = array(); @@ -417,9 +418,11 @@ $post_date = $wpdb->prepare("AND post_date = %s", $post_date); if (!empty ($title)) + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) ); else if (!empty ($content)) + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) ); return 0; @@ -566,6 +569,7 @@ wp_cache_delete($post_ID, 'post_meta'); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) ); return $wpdb->insert_id; } @@ -621,6 +625,7 @@ global $wpdb; $mid = (int) $mid; + // @RawSQLUse, trivial_implementation $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); if ( is_serialized_string( $meta->meta_value ) ) $meta->meta_value = maybe_unserialize( $meta->meta_value ); @@ -664,6 +669,7 @@ if ( in_array($meta_key, $protected) ) return false; + // @RawSQLUse, trivial_implementation $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) ); wp_cache_delete($post_id, 'post_meta'); @@ -743,6 +749,7 @@ global $wpdb; $old_ID = (int) $old_ID; $new_ID = (int) $new_ID; + // @RawSQLUse, method_exists return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) ); } Index: wp-admin/includes/upgrade.php =================================================================== --- wp-admin/includes/upgrade.php (revision 10451) +++ wp-admin/includes/upgrade.php (working copy) @@ -95,49 +95,71 @@ // Default category $cat_name = $wpdb->escape(__('Uncategorized')); $cat_slug = sanitize_title(_c('Uncategorized|Default category slug')); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')"); // Default link category $cat_name = $wpdb->escape(__('Blogroll')); $cat_slug = sanitize_title(_c('Blogroll|Default link category slug')); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')"); // Now drop in some default links + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest Ideas', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" ); + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" ); // First post $now = date('Y-m-d H:i:s'); $now_gmt = gmdate('Y-m-d H:i:s'); $first_post_guid = get_option('home') . '/?p=1'; + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')"); + // @RawSQLUse, method_exists $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" ); // Default comment + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.
To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')"); // First Page $first_post_guid = get_option('home') . '/?page_id=2'; + // @RawSQLUse, method_exists $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')"); } endif; @@ -292,20 +314,24 @@ global $wpdb; // Get the title and ID of every post, post_name to check if it already has a value + // @RawSQLUse, trivial_implementation $posts = $wpdb->get_results("SELECT ID, post_title, post_name FROM $wpdb->posts WHERE post_name = ''"); if ($posts) { foreach($posts as $post) { if ('' == $post->post_name) { $newtitle = sanitize_title($post->post_title); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); } } } + // @RawSQLUse, trivial_implementation $categories = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename FROM $wpdb->categories"); foreach ($categories as $category) { if ('' == $category->category_nicename) { $newtitle = sanitize_title($category->cat_name); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); } } @@ -324,12 +350,15 @@ $catwhere = ''; endif; + // @RawSQLUse, trivial_implementation $allposts = $wpdb->get_results("SELECT ID, post_category FROM $wpdb->posts WHERE post_category != '0' $catwhere"); if ($allposts) : foreach ($allposts as $post) { // Check to see if it's already been imported + // @RawSQLUse, trivial_implementation $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); if (!$cat && 0 != $post->post_category) { // If there's no result + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat (post_id, category_id) VALUES (%s, %s) @@ -366,17 +395,21 @@ global $wpdb; // Set user_nicename. + // @RawSQLUse, trivial_implementation $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users"); foreach ($users as $user) { if ('' == $user->user_nicename) { $newname = sanitize_title($user->user_nickname); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); } } + // @RawSQLUse, trivial_implementation $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users"); foreach ($users as $row) { if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) { + // @RawSQLUse, method_exists $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\''); } } @@ -426,6 +459,7 @@ global $wpdb; // Remove extraneous backslashes. + // @RawSQLUse, trivial_implementation $posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt, guid, post_date, post_name, post_status, post_author FROM $wpdb->posts"); if ($posts) { foreach($posts as $post) { @@ -436,33 +470,39 @@ $guid = get_permalink($post->ID); else $guid = $post->guid; - + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'"); } } // Remove extraneous backslashes. + // @RawSQLUse, trivial_implementation $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments"); if ($comments) { foreach($comments as $comment) { $comment_content = addslashes(deslash($comment->comment_content)); $comment_author = addslashes(deslash($comment->comment_author)); + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'"); } } // Remove extraneous backslashes. + // @RawSQLUse, trivial_implementation $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links"); if ($links) { foreach($links as $link) { $link_name = addslashes(deslash($link->link_name)); $link_description = addslashes(deslash($link->link_description)); + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'"); } } // The "paged" option for what_to_show is no more. + // @RawSQLUse, trivial_implementation if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') { + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'"); } @@ -476,9 +516,13 @@ } // Obsolete tables + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optionvalues'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiontypes'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroups'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroup_options'); // Update comments table to use comment_type @@ -509,6 +553,7 @@ populate_roles_160(); + // @RawSQLUse, method_exists $users = $wpdb->get_results("SELECT * FROM $wpdb->users"); foreach ( $users as $user ) : if ( !empty( $user->user_firstname ) ) @@ -539,6 +584,7 @@ if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; if (!$idmode) $id = $user->user_nickname; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); endif; @@ -554,6 +600,7 @@ $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' ); $wpdb->hide_errors(); foreach ( $old_user_fields as $old ) + // @RawSQLUse, trivial_implementation $wpdb->query("ALTER TABLE $wpdb->users DROP $old"); $wpdb->show_errors(); @@ -561,6 +608,7 @@ $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); if( is_array( $comments ) ) { foreach ($comments as $comment) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); } } @@ -568,8 +616,10 @@ // Some alpha versions used a post status of object instead of attachment and put // the mime type in post_type instead of post_mime_type. if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { + // @RawSQLUse, trivial_implementation $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); foreach ($objects as $object) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', post_mime_type = %s, post_type = '' @@ -592,6 +642,7 @@ if ( $wp_current_db_version < 3506 ) { // Update status and type. + // @RawSQLUse, trivial_implementation $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); if ( ! empty($posts) ) foreach ($posts as $post) { @@ -605,7 +656,7 @@ $status = 'inherit'; $type = 'attachment'; } - + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); } } @@ -617,8 +668,10 @@ if ( $wp_current_db_version < 3531 ) { // Give future posts a post_status of future. $now = gmdate('Y-m-d H:i:59'); + // @RawSQLUse, method_exists $wpdb->query ("UPDATE $wpdb->posts SET post_status = 'future' WHERE post_status = 'publish' AND post_date_gmt > '$now'"); + // @RawSQLUse, method_exists $posts = $wpdb->get_results("SELECT ID, post_date FROM $wpdb->posts WHERE post_status ='future'"); if ( !empty($posts) ) foreach ( $posts as $post ) @@ -651,6 +704,7 @@ $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. + // @RawSQLUse, trivial_implementation if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $id = $exists[0]->term_id; @@ -658,6 +712,7 @@ do { $alt_slug = $slug . "-$num"; $num++; + // @RawSQLUse, trivial_implementation $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); } while ( $slug_check ); @@ -665,10 +720,11 @@ if ( empty( $term_group ) ) { $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); } } - + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); @@ -676,6 +732,7 @@ if ( !empty($category->category_count) ) { $count = (int) $category->category_count; $taxonomy = 'category'; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -683,6 +740,7 @@ if ( !empty($category->link_count) ) { $count = (int) $category->link_count; $taxonomy = 'link_category'; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -691,6 +749,7 @@ $have_tags = true; $count = (int) $category->tag_count; $taxonomy = 'post_tag'; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -698,6 +757,7 @@ if ( empty($count) ) { $count = 0; $taxonomy = 'category'; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } @@ -718,6 +778,7 @@ if ( empty($tt_id) ) continue; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); } @@ -728,6 +789,7 @@ $link_cat_id_map = array(); $default_link_cat = 0; $tt_ids = array(); + // @RawSQLUse, trivial_implementation $link_cats = $wpdb->get_results("SELECT cat_id, cat_name FROM " . $wpdb->prefix . 'linkcategories'); foreach ( $link_cats as $category) { $cat_id = (int) $category->cat_id; @@ -737,24 +799,28 @@ $term_group = 0; // Associate terms with the same slug in a term group and make slugs unique. + // @RawSQLUse, trivial_implementation if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { $term_group = $exists[0]->term_group; $term_id = $exists[0]->term_id; } if ( empty($term_id) ) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); $term_id = (int) $wpdb->insert_id; } $link_cat_id_map[$cat_id] = $term_id; $default_link_cat = $term_id; - + + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); $tt_ids[$term_id] = (int) $wpdb->insert_id; } // Associate links to cats. + // @RawSQLUse, trivial_implementation $links = $wpdb->get_results("SELECT link_id, link_category FROM $wpdb->links"); if ( !empty($links) ) foreach ( $links as $link ) { if ( 0 == $link->link_category ) @@ -766,6 +832,7 @@ if ( empty($tt_id) ) continue; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); } @@ -781,22 +848,26 @@ if ( empty($tt_id) ) continue; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); } } if ( $wp_current_db_version < 4772 ) { // Obsolete linkcategories table + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'linkcategories'); } // Recalculate all counts + // @RawSQLUse, trivial_implementation $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); foreach ( (array) $terms as $term ) { if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); else $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); } } @@ -811,6 +882,7 @@ $old_options_fields = array( 'option_can_override', 'option_type', 'option_width', 'option_height', 'option_description', 'option_admin_level' ); $wpdb->hide_errors(); foreach ( $old_options_fields as $old ) + // @RawSQLUse, trivial_implementation $wpdb->query("ALTER TABLE $wpdb->options DROP $old"); $wpdb->show_errors(); } @@ -822,8 +894,11 @@ */ function upgrade_230_old_tables() { global $wpdb; + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'categories'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'link2cat'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'post2cat'); } @@ -835,6 +910,7 @@ function upgrade_old_slugs() { // upgrade people who were using the Redirect Old Slugs plugin global $wpdb; + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '_wp_old_slug' WHERE meta_key = 'old_slug'"); } @@ -872,6 +948,7 @@ function upgrade_252() { global $wpdb; + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); } @@ -905,6 +982,7 @@ // Update post_date for unpublished posts with empty timestamp if ( $wp_current_db_version < 8921 ) + // @RawSQLUse, method_exists $wpdb->query( "UPDATE $wpdb->posts SET post_date = post_modified WHERE post_date = '0000-00-00 00:00:00'" ); } @@ -926,11 +1004,13 @@ */ function maybe_create_table($table_name, $create_ddl) { global $wpdb; + // @RawSQLUse, trivial_implementation if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) return true; //didn't find it try to create it. $q = $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! + // @RawSQLUse, trivial_implementation if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) return true; return false; @@ -950,9 +1030,11 @@ function drop_index($table, $index) { global $wpdb; $wpdb->hide_errors(); + // @RawSQLUse, trivial_implementation $wpdb->query("ALTER TABLE `$table` DROP INDEX `$index`"); // Now we need to take out all the extra ones we may have created for ($i = 0; $i < 25; $i++) { + // @RawSQLUse, trivial_implementation $wpdb->query("ALTER TABLE `$table` DROP INDEX `{$index}_$i`"); } $wpdb->show_errors(); @@ -1011,6 +1093,7 @@ */ function get_alloptions_110() { global $wpdb; + // @RawSQLUse, trivial_implementation if ($options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options")) { foreach ($options as $option) { // "When trying to design a foolproof system, @@ -1044,6 +1127,7 @@ return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); } + // @RawSQLUse, trivial_implementation $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); if ( 'home' == $setting && '' == $option ) @@ -1131,6 +1215,7 @@ } // Check to see which tables and fields exist + // @RawSQLUse, trivial_implementation if($tables = $wpdb->get_col('SHOW TABLES;')) { // For every table in the database foreach($tables as $table) { @@ -1177,6 +1262,7 @@ } // Fetch the table column structure from the database + // @RawSQLUse, trivial_implementation $tablefields = $wpdb->get_results("DESCRIBE {$table};"); // For every field in the table @@ -1217,12 +1303,14 @@ // For every remaining field specified for the table foreach($cfields as $fieldname => $fielddef) { // Push a query line into $cqueries that adds the field to that table + // @RawSQLUse, trivial_implementation $cqueries[] = "ALTER TABLE {$table} ADD COLUMN $fielddef"; $for_update[$table.'.'.$fieldname] = 'Added column '.$table.'.'.$fieldname; } // Index stuff goes here // Fetch the table index structure from the database + // @RawSQLUse, trivial_implementation $tableindices = $wpdb->get_results("SHOW INDEX FROM {$table};"); if($tableindices) { Index: wp-admin/includes/schema.php =================================================================== --- wp-admin/includes/schema.php (revision 10451) +++ wp-admin/includes/schema.php (working copy) @@ -311,6 +311,7 @@ // Set up a few options not to load by default $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' ); foreach ($fatoptions as $fatoption) : + // @RawSQLUse, method_exists $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'"); endforeach; } Index: wp-admin/includes/comment.php =================================================================== --- wp-admin/includes/comment.php (revision 10451) +++ wp-admin/includes/comment.php (working copy) @@ -19,6 +19,7 @@ function comment_exists($comment_author, $comment_date) { global $wpdb; + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); } Index: wp-admin/includes/template.php =================================================================== --- wp-admin/includes/template.php (revision 10451) +++ wp-admin/includes/template.php (working copy) @@ -1687,6 +1687,7 @@ // catch and repair bad pages if ( $page->post_parent == $page->ID ) { $page->post_parent = 0; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) ); clean_page_cache( $page->ID ); } Index: wp-admin/includes/user.php =================================================================== --- wp-admin/includes/user.php (revision 10451) +++ wp-admin/includes/user.php (working copy) @@ -197,6 +197,7 @@ function get_author_user_ids() { global $wpdb; $level_key = $wpdb->prefix . 'user_level'; + // @RawSQLUse, trivial_implementation return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); } @@ -250,6 +251,7 @@ $level_key = $wpdb->prefix . 'user_level'; + // @RawSQLUse, trivial_implementation $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); if ( $exclude_zeros ) $query .= " AND meta_value != '0'"; @@ -295,6 +297,7 @@ global $wpdb; $level_key = $wpdb->prefix . 'user_level'; + // @RawSQLUse, trivial_implementation return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); } @@ -413,6 +416,7 @@ $id = (int) $id; if ($reassign == 'novalue') { + // @RawSQLUse, trivial_implementation $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); if ($post_ids) { @@ -421,17 +425,22 @@ } // Clean links + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); } else { $reassign = (int) $reassign; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) ); } // FINALLY, delete user do_action('delete_user', $id); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) ); + // @RawSQLUse, trivial_implementation $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) ); wp_cache_delete($id, 'users'); @@ -628,6 +637,7 @@ * * @since unknown * @access public + * @RawSQLUse, algorithmic */ function prepare_query() { global $wpdb; Index: wp-admin/includes/export.php =================================================================== --- wp-admin/includes/export.php (revision 10451) +++ wp-admin/includes/export.php (working copy) @@ -296,6 +296,7 @@ ID); ?> get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); if ( $postmeta ) { ?> @@ -307,6 +308,7 @@ get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); if ( $comments ) { foreach ( $comments as $c ) { ?> Index: wp-admin/install-helper.php =================================================================== --- wp-admin/install-helper.php (revision 10451) +++ wp-admin/install-helper.php (working copy) @@ -73,6 +73,7 @@ */ function maybe_create_table($table_name, $create_ddl) { global $wpdb; + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { if ($table == $table_name) { return true; @@ -81,6 +82,7 @@ //didn't find it try to create it. $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { if ($table == $table_name) { return true; @@ -107,6 +109,7 @@ */ function maybe_add_column($table_name, $column_name, $create_ddl) { global $wpdb, $debug; + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { if ($debug) echo("checking $column == $column_name
"); @@ -117,6 +120,7 @@ //didn't find it try to create it. $wpdb->query($create_ddl); // we cannot directly tell that whether this succeeded! + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { if ($column == $column_name) { return true; @@ -141,11 +145,13 @@ */ function maybe_drop_column($table_name, $column_name, $drop_ddl) { global $wpdb; + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { if ($column == $column_name) { //found it try to drop it. $wpdb->query($drop_ddl); // we cannot directly tell that whether this succeeded! + // @RawSQLUse, trivial_implementation foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { if ($column == $column_name) { return false; @@ -189,6 +195,7 @@ function check_column($table_name, $col_name, $col_type, $is_null = null, $key = null, $default = null, $extra = null) { global $wpdb, $debug; $diffs = 0; + // @RawSQLUse, trivial_implementation $results = $wpdb->get_results("DESC $table_name"); foreach ($results as $row ) { Index: wp-admin/import/btt.php =================================================================== --- wp-admin/import/btt.php (revision 10451) +++ wp-admin/import/btt.php (working copy) @@ -77,6 +77,7 @@ echo '

'.__('Reading Bunny’s Technorati Tags…').'

'; // import Bunny's Keywords tags + // @RawSQLUse, trivial_implementation $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'"); if ( !is_array($metakeys)) { echo '

' . __('No Tags Found!') . '

'; Index: wp-admin/import/jkw.php =================================================================== --- wp-admin/import/jkw.php (revision 10451) +++ wp-admin/import/jkw.php (working copy) @@ -92,6 +92,7 @@ echo '

'.__('Reading Jerome’s Keywords Tags…').'

'; // import Jerome's Keywords tags + // @RawSQLUse, trivial_implementation $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'"); if ( !is_array($metakeys)) { echo '

' . __('No Tags Found!') . '

'; @@ -133,6 +134,7 @@ // import Jerome's Keywords tags $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1); + // @RawSQLUse, trivial_implementation $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename"); if ( !is_array($metakeys) ) { echo '

' . __('No Tags Found!') . '

'; @@ -164,6 +166,7 @@ /* options from V2.0a (jeromes-keywords.php) */ $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin'); + // @RawSQLUse, trivial_implementation $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1)); foreach ( $options as $o ) Index: wp-admin/import/dotclear.php =================================================================== --- wp-admin/import/dotclear.php (revision 10451) +++ wp-admin/import/dotclear.php (working copy) @@ -44,6 +44,7 @@ function link_exists($linkname) { global $wpdb; + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) ); } } @@ -228,6 +229,7 @@ $dbprefix = get_option('dcdbprefix'); // Get Categories + // @RawSQLUse, trivial_implementation return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A); } @@ -241,6 +243,7 @@ // Get Users + // @RawSQLUse, trivial_implementation return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A); } @@ -266,6 +269,7 @@ $dbprefix = get_option('dcdbprefix'); // Get Comments + // @RawSQLUse, trivial_implementation return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A); } Index: wp-admin/import/stp.php =================================================================== --- wp-admin/import/stp.php (revision 10451) +++ wp-admin/import/stp.php (working copy) @@ -117,6 +117,7 @@ function get_stp_posts ( ) { global $wpdb; // read in all the posts from the STP post->tag table: should be wp_post2tag + // @RawSQLUse, trivial_implementation $posts_query = "SELECT post_id, tag_name FROM " . $wpdb->prefix . "stp_tags"; $posts = $wpdb->get_results($posts_query); return $posts; Index: wp-admin/import/wp-cat2tag.php =================================================================== --- wp-admin/import/wp-cat2tag.php (revision 10451) +++ wp-admin/import/wp-cat2tag.php (working copy) @@ -272,6 +272,7 @@ if ( $values ) { $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $category->count, $category->term_id) ); } @@ -280,6 +281,7 @@ } // if tag already exists, add it to all posts in the category + // @RawSQLUse, trivial_implementation if ( $tag_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $category->term_id) ) ) { $objects_ids = get_objects_in_term($category->term_id, 'category'); $tag_ttid = (int) $tag_ttid; @@ -292,6 +294,7 @@ $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag_ttid) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $count, $category->term_id) ); } echo __('Tag added to all posts in this category.') . " *\n"; @@ -303,6 +306,7 @@ continue; } + // @RawSQLUse, trivial_implementation $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); if ( $tt_ids ) { $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id"); @@ -311,9 +315,11 @@ } // Change the category to a tag. + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); // Set all parents to 0 (root-level) if their parent was the converted tag + // @RawSQLUse, method_exists $parents = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) ); if ( $parents ) $clear_parents = true; @@ -366,6 +372,7 @@ if ( $tag = get_term( $tag_id, 'post_tag' ) ) { printf('
  • ' . __('Converting tag %s ... '), $tag->name); + // @RawSQLUse, trivial_implementation if ( $cat_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $tag->term_id) ) ) { $objects_ids = get_objects_in_term($tag->term_id, 'post_tag'); $cat_ttid = (int) $cat_ttid; @@ -381,6 +388,7 @@ if ( $default_cat != $tag->term_id ) { $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag->term_id) ); + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'category'", $count, $tag->term_id) ); } } @@ -394,6 +402,7 @@ } // Change the tag to a category. + // @RawSQLUse, trivial_implementation $parent = $wpdb->get_var( $wpdb->prepare("SELECT parent FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); if ( 0 == $parent || (0 < (int) $parent && $this->_category_exists($parent)) ) { $reset_parent = ''; @@ -401,6 +410,7 @@ } else $reset_parent = ", parent = '0'"; + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'category' $reset_parent WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); $clean_term_cache[] = $tag->term_id; Index: wp-admin/import/utw.php =================================================================== --- wp-admin/import/utw.php (revision 10451) +++ wp-admin/import/utw.php (working copy) @@ -187,6 +187,7 @@ global $wpdb; // read in all the tags from the UTW tags table: should be wp_tags + // @RawSQLUse, trivial_implementation $tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags"; $tags = $wpdb->get_results($tags_query); @@ -207,6 +208,7 @@ global $wpdb; // read in all the posts from the UTW post->tag table: should be wp_post2tag + // @RawSQLUse, trivial_implementation $posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag"; $posts = $wpdb->get_results($posts_query); Index: wp-admin/import/blogger.php =================================================================== --- wp-admin/import/blogger.php (revision 10451) +++ wp-admin/import/blogger.php (working copy) @@ -685,6 +685,7 @@ $host = $this->blogs[$importing_blog]['host']; // Get an array of posts => authors + // @RawSQLUse, trivial_implementation $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) ); $post_ids = join( ',', $post_ids ); $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)"); Index: wp-admin/import/textpattern.php =================================================================== --- wp-admin/import/textpattern.php (revision 10451) +++ wp-admin/import/textpattern.php (working copy) @@ -38,6 +38,7 @@ function link_exists($linkname) { global $wpdb; + // @RawSQLUse, trivial_implementation return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) ); } } @@ -84,6 +85,7 @@ $prefix = get_option('tpre'); // Get Categories + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT id, name, @@ -103,6 +105,7 @@ // Get Users + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT user_id, name, @@ -120,6 +123,7 @@ $prefix = get_option('tpre'); // Get Posts + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT ID, Posted, @@ -147,6 +151,7 @@ $prefix = get_option('tpre'); // Get Comments + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A); } @@ -157,6 +162,7 @@ set_magic_quotes_runtime(0); $prefix = get_option('tpre'); + // @RawSQLUse, trivial_implementation return $txpdb->get_results('SELECT id, date, Index: wp-admin/import/wordpress.php =================================================================== --- wp-admin/import/wordpress.php (revision 10451) +++ wp-admin/import/wordpress.php (working copy) @@ -677,6 +677,7 @@ $local_child_id = $this->post_ids_processed[$child_id]; $local_parent_id = $this->post_ids_processed[$parent_id]; if ($local_child_id and $local_parent_id) { + // @RawSQLUse, method_exists $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id)); } } Index: wp-admin/upload.php =================================================================== --- wp-admin/upload.php (revision 10451) +++ wp-admin/upload.php (working copy) @@ -20,8 +20,9 @@ if ( ! current_user_can('edit_posts') ) wp_die( __('You are not allowed to scan for lost attachments.') ); - + $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'"); + // @RawSQLUse, trivial_implementation $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'"); $lost = array(); @@ -117,6 +118,7 @@ } else { $start = ( $_GET['paged'] - 1 ) * 25; $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" ); + // @RawSQLUse, trivial_implementation $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25); }