
Ticket #6644: prepared_queries12.diff

File prepared_queries12.diff, 2.9 KB (added by filosofo, 6 years ago)
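--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -13,7 +13,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+                return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
 
@@ -22,7 +22,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+                return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
 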
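Review bot: Neither get_comment_count nor link_exists has a docblock, and the move to `%d` changes the failure mode: a non-numeric `$post_ID` is now cast to 0 and counts nothing rather than producing a malformed query, so the contract is worth stating at the definition. A short `/** @param int $post_ID Post whose comments are counted. @return string|null Count from get_var(), null when nothing matches. */` above get_comment_count, and `/** @param string $linkname Raw, unescaped link name. @return string|null link_id, or null when absent. */` above link_exists, would make the expectations explicit. Both hunks are complete here; the same two functions receive the identical change in wp-admin/import/textpattern.php.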
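--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -641,7 +641,7 @@
                 $host = $this->blogs[$importing_blog]['host'];
 
                 // Get an array of posts => authors
-                $post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
+                $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
                 $post_ids = join( ',', $post_ids );
                 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
                 foreach ( $results as $row )
@@ -658,7 +658,7 @@
                         $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
                         $post_ids = join( ',', $post_ids);
 
-                        $wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
                         $this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
                 }
                 $this->save_vars();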
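Review bot: The `IN ($post_ids)` list on the UPDATE at line 661, and the one on the SELECT at line 646 in the first hunk, are still interpolated unbound because prepare() has no list placeholder; the ids come from postmeta rows and array_keys(), but casting them at the join keeps both statements trustworthy regardless of where the values originate: `$post_ids = join( ',', array_map( 'intval', $post_ids ) );` at lines 645 and 659. Separately, if the query at 644 returns no rows the join yields an empty string and line 646 becomes `post_id IN ()`, which MySQL rejects as a syntax error; skipping the second query when the list is empty would avoid that. The enclosing method begins before the first hunk and continues past the second, so what the caller expects on the empty path cannot be confirmed here.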
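--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -8,7 +8,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+                return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
 
@@ -17,7 +17,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+                return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
 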
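Review bot: The new link_exists at line 20 hands `$linkname` to prepare() unmodified and relies on `%s` to quote and escape it, whereas the removed line escaped inside the function with `$wpdb->escape()`; any caller that already escapes its argument before calling link_exists would now have it escaped twice and fail to match existing rows. That is the right direction, but the call sites lie outside this hunk and are worth checking, and the requirement belongs in a docblock: `/** @param string $linkname Raw, unescaped link name; prepare() handles quoting. */`. The same pair of functions is changed identically in wp-admin/import/dotclear.php, where the old link_exists applied no escaping at all.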