Ticket #6644: prepared_queries12.diff

File prepared_queries12.diff, 2.9 KB (added by filosofo, 10 years ago)
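--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -13,7 +13,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+                return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
 
@@ -22,7 +22,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+                return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
 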
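Review bot: Neither `get_comment_count()` nor `link_exists()` carries a docblock, and since the same two helpers are duplicated verbatim in wp-admin/import/textpattern.php (its hunks are in this same patch), a short header on each would help the next reader see that the two copies are meant to stay in sync. For `get_comment_count()` I would add `/** Count the comments attached to a post. @param int $post_ID Post ID; cast to integer by the %d placeholder. @return string|null Count as returned by $wpdb->get_var(), null when the query fails. */`, and for `link_exists()` `/** Look up a link by name. @param string $linkname Exact link_name to match. @return string|null link_id of the first match, or null if none. */`. The return types are what I would expect from `get_var()` on a count/id column; please confirm against wp-db.php before committing the wording. The enclosing `if ( ! function_exists( ... ) )` wrappers that the closing `}` lines belong to start outside the hunks.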
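--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -641,7 +641,7 @@
                 $host = $this->blogs[$importing_blog]['host'];
 
                 // Get an array of posts => authors
-                $post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
+                $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
                 $post_ids = join( ',', $post_ids );
                 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
                 foreach ( $results as $row )
@@ -658,7 +658,7 @@
                         $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
                         $post_ids = join( ',', $post_ids);
 
-                        $wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
+                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
                         $this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
                 }
                 $this->save_vars();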
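Review bot: The new `prepare()` call on line 661 still splices `$post_ids` straight into the `IN (...)` clause, so only `$user_id` is parameterised; the unchanged query on line 646 has the same shape. The joined values come from `array_keys()` of `$authors_posts` (second hunk) and from the `get_col()` on line 644 (first hunk), so they should already be integer post ids, but casting them before joining makes the query safe regardless of where the array was filled: `$post_ids = join( ',', array_map( 'intval', $post_ids ) );` on line 659, and the same on line 645. An empty array also produces `IN ()`, which MySQL rejects with a syntax error, so guarding with `if ( empty( $post_ids ) ) continue;` before the join on line 659 would keep a blog with no matching posts from issuing a failing UPDATE. The enclosing method starts and ends outside both hunks.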
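--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -8,7 +8,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+                return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
 
@@ -17,7 +17,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
-                return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+                return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
 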