
Ticket #6644: prepared_queries7.diff

File prepared_queries7.diff, 2.8 KB (added by filosofo, 6 years ago)
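--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -47,7 +47,7 @@
 
 	wp_delete_object_term_relationships($link_id, 'link_category');
 
-	$wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+	$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
 
 	do_action('deleted_link', $link_id);
 
@@ -119,15 +119,14 @@
 	}
 
 	if ( $update ) {
-		$wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
-			link_name='$link_name', link_image='$link_image',
-			link_target='$link_target',
-			link_visible='$link_visible', link_description='$link_description',
-			link_rating='$link_rating', link_rel='$link_rel',
-			link_notes='$link_notes', link_rss = '$link_rss'
-			WHERE link_id='$link_id'");
+		$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+			link_name = %s, link_image = %s, link_target = %s, 
+			link_visible = %s, link_description = %s, link_rating = %s, 
+			link_rel = %s, link_notes = %s, link_rss = %s
+			WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
 	} else {
-		$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+		$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", 
+		$link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
 		$link_id = (int) $wpdb->insert_id;
 	}
 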
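Review bot: The UPDATE in the second hunk binds the row key with a string placeholder, `WHERE link_id = %s`, while the DELETE in the first hunk binds the same column with `%d` and the INSERT branch casts `$wpdb->insert_id` to int two lines later; `WHERE link_id = %d` would keep the three consistent and guarantees the key is compared as an integer rather than as a quoted string. The enclosing function starts outside the hunk, so it is not visible whether `$link_url`, `$link_name` and the other values are still passed through `$wpdb->escape()` earlier in the function; if they are, `prepare()` escapes them a second time and the stored values gain stray backslashes, so that earlier escaping would need to be removed in the same change. The same `%s`-for-an-id question does not arise in the template.php section, which already uses `%d`.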
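--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -892,7 +892,7 @@
 
 function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
 	global $wpdb, $post_ID;
-	$items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" );
+	$items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
 
 	if ( $items ) {
 		foreach ( $items as $item ) {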
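Review bot: `parent_dropdown()` has no docblock in the visible lines, and now that `$parent` is bound with `%d` it is worth recording that the argument is coerced to an integer, so a non-numeric value silently selects `post_parent = 0`. A short docblock above the signature would cover it, e.g. `Lists pages whose post_parent is $parent (cast to int) ordered by menu_order; $default is presumably the pre-selected ID and $level the nesting depth — confirm against the body.` The function body continues past the end of the hunk, so the roles of `$default`, `$level` and the `$post_ID` global are not visible here.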