Ticket #6644: prepared_queries11.diff

File prepared_queries11.diff, 3.3 KB (added by filosofo, 14 years ago)
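--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -211,7 +211,7 @@
 
 if ( 1 == count($posts) && is_singular() ) :
 
-        $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+        $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
         if ( $comments ) :
                 // Make sure comments, post, and post_author are cached
                 update_comment_cache($comments);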
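Review bot: `$id` on new line 214 is assigned outside this hunk, so `%d` is the only visible control on it. The placeholder casts the value but does not validate it, which means a non-numeric `$id` silently becomes `0` and the query runs against `comment_post_ID = 0` instead of failing. If that case is possible here, a short comment above the call would record the assumption, for example `// $id is expected to be the singular post's ID; %d coerces anything else to 0`. The enclosing `if ... :` block opens at line 212 and continues past the end of the hunk.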
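--- a/wp-admin/import/wp-cat2tag.php
+++ b/wp-admin/import/wp-cat2tag.php
@@ -164,12 +164,12 @@
                                         $id = $id['term_taxonomy_id'];
                                         $posts = get_objects_in_term($category->term_id, 'category');
                                         foreach ( $posts as $post ) {
-                                                if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") )
-                                                        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')");
+                                                if ( !$wpdb->get_var( $wpdb->prepare("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $post, $id) ) )
+                                                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES (%d, %d)", $post, $id) );
                                                 clean_post_cache($post);
                                         }
                                 } else {
-                                        $tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+                                        $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
                                         if ( $tt_ids ) {
                                                 $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
                                                 foreach ( (array) $posts as $post )
@@ -177,14 +177,14 @@
                                         }
 
                                         // Change the category to a tag.
-                                        $wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+                                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
 
-                                        $terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+                                        $terms = $wpdb->get_col( $wpdb->prepare("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
                                         foreach ( (array) $terms as $term )
                                                 clean_category_cache($term);
 
                                         // Set all parents to 0 (root-level) if their parent was the converted tag
-                                        $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+                                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
                                 }
                                 // Clean the cache
                                 clean_category_cache($category->term_id);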
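Review bot: The `$posts` query on line 174 is the one statement in this branch still built by concatenation, with `join(',', $tt_ids)` going into the `IN (...)` list while every neighbouring query moves to `$wpdb->prepare()`. The ids come from the `get_col()` result two lines earlier, so they are presumably integers from the database, but nothing in the visible code enforces that and the statement is inconsistent with the rest of the patch. Casting the list before joining closes the gap without needing a variable number of placeholders: `join(',', array_map('intval', $tt_ids))`. Line 176 falls between the two hunks and is not shown, and the enclosing `else` branch starts outside the first hunk.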