Ticket #6644: prepared_queries10.diff

File prepared_queries10.diff, 12.6 KB (added by filosofo, 10 years ago)
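--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -218,7 +218,7 @@ function get_available_post_statuses($type = 'post') {
                 foreach($posts as $post) {
                         if ('' == $post->post_name) {
                                 $newtitle = sanitize_title($post->post_title);
-                                $wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'");
+                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) );
                         }
                 }
         }
@@ -227,7 +227,7 @@
         foreach ($categories as $category) {
                 if ('' == $category->category_nicename) {
                         $newtitle = sanitize_title($category->cat_name);
-                        $wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
                 }
         }
 
@@ -250,14 +250,12 @@
         if ($allposts) :
                 foreach ($allposts as $post) {
                         // Check to see if it's already been imported
-                        $cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category");
+                        $cat = $wpdb->get_row( $wpdb->("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );
                         if (!$cat && 0 != $post->post_category) { // If there's no result
-                                $wpdb->query("
-                                        INSERT INTO $wpdb->post2cat
+                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
                                         (post_id, category_id)
-                                        VALUES
-                                        ('$post->ID', '$post->post_category')
-                                        ");
+                                        VALUES (%s, %s)
+                                        ", $post->ID, $post->post_category) );
                         }
                 }
         endif;
@@ -285,7 +283,7 @@
         foreach ($users as $user) {
                 if ('' == $user->user_nicename) {
                         $newname = sanitize_title($user->user_nickname);
-                        $wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
                 }
         }
 
@@ -401,7 +399,7 @@
         foreach ( $options as $option ) {
                 if ( 1 != $option->dupes ) { // Could this be done in the query?
                         $limit = $option->dupes - 1;
-                        $dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit");
+                        $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) );
                         $dupe_ids = join($dupe_ids, ',');
                         $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)");
                 }
@@ -445,8 +443,7 @@
                         if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
                         if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
                         if (!$idmode) $id = $user->user_nickname;
-                        $id = $wpdb->escape( $id );
-                        $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
                 endif;
 
                 // FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set.
@@ -468,7 +465,7 @@
         $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
         if( is_array( $comments ) ) {
                 foreach ($comments as $comment) {
-                        $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" );
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
                 }
         }
 
@@ -477,10 +474,10 @@
         if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) {
                 $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
                 foreach ($objects as $object) {
-                        $wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment',
-                        post_mime_type = '$object->post_type',
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
+                        post_mime_type = %s,
                         post_type = ''
-                        WHERE ID = $object->ID");
+                        WHERE ID = %d", $object->post_type, $object->ID) );
 
                         $meta = get_post_meta($object->ID, 'imagedata', true);
                         if ( ! empty($meta['file']) )
@@ -508,7 +505,7 @@
                                 $type = 'attachment';
                         }
 
-                        $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) );
                 }
         }
 
@@ -541,45 +538,42 @@
         $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID");
         foreach ($categories as $category) {
                 $term_id = (int) $category->cat_ID;
-                $name = $wpdb->escape($category->cat_name);
-                $description = $wpdb->escape($category->category_description);
-                $slug = $wpdb->escape($category->category_nicename);
-                $parent = $wpdb->escape($category->category_parent);
                 $term_group = 0;
 
                 // Associate terms with the same slug in a term group and make slugs unique.
-                if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+                if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
                         $term_group = $exists[0]->term_group;
                         $id = $exists[0]->term_id;
                         $num = 2;
                         do {
                                 $alt_slug = $slug . "-$num";
                                 $num++;
-                                $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'");
+                                $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) );
                         } while ( $slug_check );
 
                         $slug = $alt_slug;
 
                         if ( empty( $term_group ) ) {
                                 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
-                                $wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'");
+                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) );
                         }
                 }
 
-                $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')");
+                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES
+                (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) );
 
                 $count = 0;
                 if ( !empty($category->category_count) ) {
                         $count = (int) $category->category_count;
                         $taxonomy = 'category';
-                        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
                         $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
                 }
 
                 if ( !empty($category->link_count) ) {
                         $count = (int) $category->link_count;
                         $taxonomy = 'link_category';
-                        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
                         $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
                 }
 
@@ -587,14 +581,14 @@
                         $have_tags = true;
                         $count = (int) $category->tag_count;
                         $taxonomy = 'post_tag';
-                        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
                         $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
                 }
 
                 if ( empty($count) ) {
                         $count = 0;
                         $taxonomy = 'category';
-                        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
                         $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
                 }
         }
@@ -614,7 +608,7 @@
                 if ( empty($tt_id) )
                         continue;
 
-                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')");
+                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
         }
 
         // < 3570 we used linkcategories.  >= 3570 we used categories and link2cat.
@@ -633,20 +627,20 @@
                         $term_group = 0;
 
                         // Associate terms with the same slug in a term group and make slugs unique.
-                        if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+                        if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
                                 $term_group = $exists[0]->term_group;
                                 $term_id = $exists[0]->term_id;
                         }
 
                         if ( empty($term_id) ) {
-                                $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
+                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
                                 $term_id = (int) $wpdb->insert_id;
                         }
 
                         $link_cat_id_map[$cat_id] = $term_id;
                         $default_link_cat = $term_id;
 
-                        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
                         $tt_ids[$term_id] = (int) $wpdb->insert_id;
                 }
 
@@ -662,7 +656,7 @@
                         if ( empty($tt_id) )
                                 continue;
 
-                        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')");
+                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
                 }
 
                 // Set default to the last category we grabbed during the upgrade loop.
@@ -677,7 +671,7 @@
                         if ( empty($tt_id) )
                                 continue;
 
-                        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')");
+                        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
                 }
         }
 
@@ -690,10 +684,10 @@
         $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy");
         foreach ( (array) $terms as $term ) {
                 if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) )
-                        $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'");
+                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) );
                 else
-                        $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
-                $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
+                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
+                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
         }
 }
 
@@ -823,7 +817,7 @@
                 return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
         }
 
-        $option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
+        $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) );
 
         if ( 'home' == $setting && '' == $option )
                 return __get_option('siteurl');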
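Review bot: Two of the converted calls will not parse, so upgrade.php cannot load with this patch applied: new line 253 calls `$wpdb->("SELECT * FROM $wpdb->post2cat ...` with the method name missing, and new line 674 hands the placeholders and arguments straight to `$wpdb->query(` without the `$wpdb->prepare(` wrapper, which leaves an unmatched `)`. Both should follow the shape used by the other hunks, `$wpdb->get_row( $wpdb->prepare(...) )` and `$wpdb->query( $wpdb->prepare(...) )`. In the category loop (new lines 539–591) the four `$wpdb->escape()` assignments to `$name`, `$description`, `$slug` and `$parent` are deleted rather than replaced, so unless those variables are set outside the visible hunk the prepared SELECT and INSERTs bind unset or stale values; plain assignments such as `$slug = $category->category_nicename;` appear to be needed for all four. The post2cat INSERT at new line 257 binds two ID columns with `%s` where the rest of the patch uses `%d`.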