
Ticket #6644: prepared_queries1.diff

File prepared_queries1.diff, 2.7 KB (added by filosofo, 14 years ago)
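--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -11,7 +11,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
-$status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
+$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {
         do_action('comment_id_not_found', $comment_post_ID);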
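--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -749,7 +749,7 @@
         }
 
         if ( !empty($taxonomy) )
-                return $wpdb->get_row("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = '$taxonomy'", ARRAY_A);
+                return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $taxonomy), ARRAY_A);
 
         return $wpdb->get_var("SELECT term_id FROM $wpdb->terms as t WHERE $where");
 }
@@ -888,8 +888,7 @@
         if ( $ignore_empty )
                 $where = 'AND count > 0';
 
-        $taxonomy = $wpdb->escape( $taxonomy );
-        return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = '$taxonomy' $where");
+        return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
 }
 
 /**
@@ -918,7 +917,7 @@
         foreach ( $taxonomies as $taxonomy ) {
                 $terms = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
                 $in_terms = "'" . implode("', '", $terms) . "'";
-                $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_terms)");
+                $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_terms)", $object_id) );
                 wp_update_term_count($terms, $taxonomy);
         }
 }
@@ -1293,7 +1292,7 @@
                 $delete_terms = array_diff($old_terms, $tt_ids);
                 if ( $delete_terms ) {
                         $in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
-                        $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_delete_terms)");
+                        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
                         wp_update_term_count($delete_terms, $taxonomy);
                 }
         }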
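Review bot: The `IN (...)` list in the added DELETE statement (new line 1295) is still spliced into the SQL text unescaped — only `object_id` goes through a placeholder, while `$in_delete_terms` is built two lines above by quoting whatever `array_diff($old_terms, $tt_ids)` returned, with no cast or escaping. Those values are presumably integer term_taxonomy_ids read back from the database, but nothing in the hunk establishes that, and since `$wpdb->prepare()` takes a sprintf-style format string (`%d`, `%s`), a stray `%` or quote in the list would corrupt the query rather than be neutralised. Coerce the list to integers before it reaches the SQL, `$in_delete_terms = implode(', ', array_map('intval', $delete_terms));`, which also makes the hand-quoting unnecessary. The same pattern remains in the other DELETE hunk (new line 920, `$in_terms`), and `$where` is still interpolated unparameterised on new lines 752, 754 and 891, so the code that builds `$where` (outside these hunks) must still escape its own inputs. The enclosing function starts and ends outside this hunk.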