WordPress.org

Make WordPress Core

Ticket #6644: prepared_queries2.diff

File prepared_queries2.diff, 2.8 KB (added by filosofo, 14 years ago)
  • wp-includes/post.php

     
    474474        $query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d AND $wpdb->term_taxonomy.taxonomy = 'category')", $category);
    475475        $query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent);
    476476        // expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works
    477         $query .= empty( $meta_key ) | empty($meta_value)  ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )";
     477        $query .= empty( $meta_key ) | empty($meta_value)  ? '' : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value);
    478478        $query .= empty( $post_mime_type ) ? '' : wp_post_mime_type_where($post_mime_type);
    479479        $query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
    480480        if ( 0 < $numberposts )
     
    19451945        $query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
    19461946        $query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
    19471947        // expected_slashed ($meta_key, $meta_value) -- also, it looks funky
    1948         $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
     1948        $query .= ( empty( $meta_key ) | empty($meta_value)  ? "" : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value) ) ;
    19491949        $query .= $author_query;
    19501950        $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
    19511951
     
    27222722
    27232723        do_action('clean_page_cache', $id);
    27242724
    2725         if ( $children = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_parent = '$id'" ) )
     2725        if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) )
    27262726                foreach( $children as $cid )
    27272727                        clean_post_cache( $cid );
    27282728}
     
    29592959        return;
    29602960
    29612961    $id = $_post->ancestors[] = $_post->post_parent;
    2962     while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
     2962    while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
    29632963        if ( $id == $ancestor )
    29642964                break;
    29652965        $id = $_post->ancestors[] = $ancestor;