WordPress.org
Get WordPress

Make WordPress Core

Ticket #6644: prepared_queries7.diff

File prepared_queries7.diff, 2.8 KB (added by filosofo, 18 years ago)

  • wp-admin/includes/bookmark.php

     
    4747
    4848        wp_delete_object_term_relationships($link_id, 'link_category');
    4949
    50         $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
     50        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
    5151
    5252        do_action('deleted_link', $link_id);
    5353
     
    119119        }
    120120
    121121        if ( $update ) {
    122                 $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
    123                         link_name='$link_name', link_image='$link_image',
    124                         link_target='$link_target',
    125                         link_visible='$link_visible', link_description='$link_description',
    126                         link_rating='$link_rating', link_rel='$link_rel',
    127                         link_notes='$link_notes', link_rss = '$link_rss'
    128                         WHERE link_id='$link_id'");
     122                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
     123                        link_name = %s, link_image = %s, link_target = %s,
     124                        link_visible = %s, link_description = %s, link_rating = %s,
     125                        link_rel = %s, link_notes = %s, link_rss = %s
     126                        WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
    129127        } else {
    130                 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
     128                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
     129                $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
    131130                $link_id = (int) $wpdb->insert_id;
    132131        }
    133132

  • wp-admin/includes/template.php

     
    892892
    893893function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
    894894        global $wpdb, $post_ID;
    895         $items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" );
     895        $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
    896896
    897897        if ( $items ) {
    898898                foreach ( $items as $item ) {