Ticket #6836: wordpress-trunk_20090124_sqlannotations.diff
File wordpress-trunk_20090124_sqlannotations.diff, 130.9 KB (added by , 16 years ago) |
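--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {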
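--- a/wp-login.php
+++ b/wp-login.php
@@ -133,12 +133,14 @@
 else if ( is_wp_error($allow) )
 return $allow;
 
+// @RawSQLUse, trivial_implementation
 $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
 if ( empty($key) ) {
 // Generate something random for a key...
 $key = wp_generate_password(20, false);
 do_action('retrieve_password_key', $user_login, $key);
 // Now insert the new md5 key into the db
+// @RawSQLUse, method_exists
 $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
 }
 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
@@ -169,6 +171,7 @@
 if ( empty( $key ) )
 return new WP_Error('invalid_key', __('Invalid key'));
 
+// @RawSQLUse, trivial_implementation
 $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
 if ( empty( $user ) )
 return new WP_Error('invalid_key', __('Invalid key'));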
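Review bot: The two tags used here, `trivial_implementation` (new lines 136 and 174) and `method_exists` (new line 143), are not defined anywhere in the visible part of the patch, and nothing says why the `UPDATE` of `user_activation_key` is tagged differently from the `SELECT`s on the same table. These statements read and write the password-reset key, so anyone auditing them needs to know whether a tag says anything about input handling or only about how the query could be replaced by an API call. I would add a short legend once, for example a header comment listing `trivial_implementation`, `method_exists`, `simple_code` and `algorithmic` with one line each; if the legend already exists elsewhere in the ticket, a pointer to it is enough. Both hunks sit inside functions whose start and end are outside the hunk.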
wp-includes/taxonomy.php
248 248 $taxonomies = "'" . implode("', '", $taxonomies) . "'"; 249 249 $terms = "'" . implode("', '", $terms) . "'"; 250 250 251 // @RawSQLUse, algorithmic 251 252 $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($terms) ORDER BY tr.object_id $order"); 252 253 253 254 if ( ! $object_ids ) … … 317 318 $term = $term->term_id; 318 319 $term = (int) $term; 319 320 if ( ! $_term = wp_cache_get($term, $taxonomy) ) { 321 // @RawSQLUse, algorithmic 320 322 $_term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.term_id = %s LIMIT 1", $taxonomy, $term) ); 321 323 wp_cache_add($term, $_term, $taxonomy); 322 324 } … … 386 388 $value = (int) $value; 387 389 } 388 390 391 // @RawSQLUse, algorithmic 389 392 $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) ); 390 393 if ( !$term ) 391 394 return false; … … 590 593 * @param string|array $args The values of what to search for when returning terms 591 594 * @return array|WP_Error List of Term Objects and their children. Will return WP_Error, if any of $taxonomies do not exist. 
592 595 */ 596 593 597 function &get_terms($taxonomies, $args = '') { 594 598 global $wpdb; 595 599 $empty_array = array(); … … 759 763 else if ( 'names' == $fields ) 760 764 $select_this = 't.term_id, tt.parent, tt.count, t.name'; 761 765 766 // @RawSQLUse, algorithmic 762 767 $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit"; 763 768 764 769 $terms = $wpdb->get_results($query); … … 839 844 function is_term($term, $taxonomy = '') { 840 845 global $wpdb; 841 846 847 // @RawSQLUse, algorithmic 842 848 $select = "SELECT term_id FROM $wpdb->terms as t WHERE "; 849 // @RawSQLUse, algorithmic 843 850 $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE "; 844 851 845 852 if ( is_int($term) ) { … … 859 866 $else_where = 't.name = %s'; 860 867 861 868 if ( !empty($taxonomy) ) { 869 // @RawSQLUse, algorithmic 862 870 if ( $result = $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $slug, $taxonomy), ARRAY_A) ) 863 871 return $result; 864 872 // @RawSQLUse, algorithmic 865 873 return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A); 866 874 } 867 875 // @RawSQLUse, algorithmic 868 876 if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) ) 869 877 return $result; 870 878 879 // @RawSQLUse, algorithmic 871 880 return $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $else_where", $term) ); 872 881 } 873 882 … … 1017 1026 if ( $ignore_empty ) 
1018 1027 $where = 'AND count > 0'; 1019 1028 1029 // @RawSQLUse, simple_code 1020 1030 return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) ); 1021 1031 } 1022 1032 … … 1046 1056 foreach ( (array) $taxonomies as $taxonomy ) { 1047 1057 $tt_ids = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids'); 1048 1058 $in_tt_ids = "'" . implode("', '", $tt_ids) . "'"; 1059 // @RawSQLUse, algorithmic 1049 1060 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_tt_ids)", $object_id) ); 1050 1061 wp_update_term_count($tt_ids, $taxonomy); 1051 1062 } … … 1106 1117 $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) ); 1107 1118 } 1108 1119 1120 // @RawSQLUse, trivial_implementation 1109 1121 $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) ); 1110 1122 1111 1123 foreach ( (array) $objects as $object ) { … … 1118 1130 wp_set_object_terms($object, $terms, $taxonomy); 1119 1131 } 1120 1132 1133 // @RawSQLUse, trivial_implementation 1121 1134 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) ); 1122 1135 1123 1136 // Delete the term if no taxonomies use it. 1137 // @RawSQLUse, simple_code 1124 1138 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) ) 1139 // @RawSQLUse, trivial_implementation 1125 1140 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) ); 1126 1141 1127 1142 clean_term_cache($term, $taxonomy); … … 1164 1179 * @param array|string $args Change what is returned 1165 1180 * @return array|WP_Error The requested term data or empty array if no terms found. WP_Error if $taxonomy does not exist. 
1166 1181 */ 1182 1167 1183 function wp_get_object_terms($object_ids, $taxonomies, $args = array()) { 1168 1184 global $wpdb; 1169 1185 … … 1225 1241 else if ( 'all_with_object_id' == $fields ) 1226 1242 $select_this = 't.*, tt.*, tr.object_id'; 1227 1243 1244 // @RawSQLUse, algorithmic 1228 1245 $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tr.object_id IN ($object_ids) ORDER BY $orderby $order"; 1229 1246 1230 1247 if ( 'all' == $fields || 'all_with_object_id' == $fields ) { … … 1233 1250 } else if ( 'ids' == $fields || 'names' == $fields ) { 1234 1251 $terms = array_merge($terms, $wpdb->get_col($query)); 1235 1252 } else if ( 'tt_ids' == $fields ) { 1253 // @RawSQLUse, algorithmic 1236 1254 $terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id IN ($object_ids) AND tt.taxonomy IN ($taxonomies) ORDER BY tr.term_taxonomy_id $order"); 1237 1255 } 1238 1256 … … 1322 1340 1323 1341 $term_group = 0; 1324 1342 if ( $alias_of ) { 1343 // @RawSQLUse, trivial_implementation 1325 1344 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); 1326 1345 if ( $alias->term_group ) { 1327 1346 // The alias we want is already in a group, so let's use that one. 1328 1347 $term_group = $alias->term_group; 1329 1348 } else { 1330 1349 // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. 
1350 // @RawSQLUse, simple_code 1331 1351 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; 1352 // @RawSQLUse, method_exists 1332 1353 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) ); 1333 1354 } 1334 1355 } … … 1351 1372 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) ); 1352 1373 } 1353 1374 1375 // @RawSQLUse, algorithmic 1354 1376 $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id ) ); 1355 1377 1356 1378 if ( !empty($tt_id) ) … … 1423 1445 $tt_id = $term_info['term_taxonomy_id']; 1424 1446 $tt_ids[] = $tt_id; 1425 1447 1448 // @RawSQLUse, trivial_implementation 1426 1449 if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) ) 1427 1450 continue; 1428 1451 $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) ); … … 1434 1457 $delete_terms = array_diff($old_tt_ids, $tt_ids); 1435 1458 if ( $delete_terms ) { 1436 1459 $in_delete_terms = "'" . implode("', '", $delete_terms) . "'"; 1460 // @RawSQLUse, algorithmic 1437 1461 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) ); 1438 1462 wp_update_term_count($delete_terms, $taxonomy); 1439 1463 } … … 1448 1472 if ( in_array($tt_id, $final_tt_ids) ) 1449 1473 $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tt_id, ++$term_order); 1450 1474 if ( $values ) 1475 // @RawSQLUse, simple_code 1451 1476 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . 
" ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 1452 1477 } 1453 1478 … … 1498 1523 1499 1524 // If we didn't get a unique slug, try appending a number to make it unique. 1500 1525 if ( !empty($args['term_id']) ) 1526 // @RawSQLUse, algorithmic 1501 1527 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] ); 1502 1528 else 1529 // @RawSQLUse, trivial_implementation 1503 1530 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug ); 1504 1531 1505 1532 if ( $wpdb->get_var( $query ) ) { … … 1507 1534 do { 1508 1535 $alt_slug = $slug . "-$num"; 1509 1536 $num++; 1537 // @RawSQLUse, trivial_implementation 1510 1538 $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) ); 1511 1539 } while ( $slug_check ); 1512 1540 $slug = $alt_slug; … … 1586 1614 } 1587 1615 1588 1616 if ( $alias_of ) { 1617 // @RawSQLUse, trivial_implementation 1589 1618 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); 1590 1619 if ( $alias->term_group ) { 1591 1620 // The alias we want is already in a group, so let's use that one. 1592 1621 $term_group = $alias->term_group; 1593 1622 } else { 1594 1623 // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. 1624 // @RawSQLUse, simple_code 1595 1625 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; 1596 1626 $wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) ); 1597 1627 } 1598 1628 } 1599 1629 1600 1630 // Check for duplicate slug 1631 // @RawSQLUse, trivial_implementation 1601 1632 $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) ); 1602 1633 if ( $id && ($id != $term_id) ) { 1603 1634 // If an empty slug was passed or the parent changed, reset the slug to something unique. 
… … 1615 1646 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) ); 1616 1647 } 1617 1648 1649 // @RawSQLUse, algorithmic 1618 1650 $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) ); 1619 1651 1620 1652 $wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) ); … … 1717 1749 } else { 1718 1750 // Default count updater 1719 1751 foreach ( (array) $terms as $term) { 1752 // @RawSQLUse, simple_code 1720 1753 $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term) ); 1721 1754 $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) ); 1722 1755 } … … 1785 1818 // If no taxonomy, assume tt_ids. 1786 1819 if ( empty($taxonomy) ) { 1787 1820 $tt_ids = implode(', ', $ids); 1821 // @RawSQLUse, algorithmic 1788 1822 $terms = $wpdb->get_results("SELECT term_id, taxonomy FROM $wpdb->term_taxonomy WHERE term_taxonomy_id IN ($tt_ids)"); 1789 1823 foreach ( (array) $terms as $term ) { 1790 1824 $taxonomies[] = $term->taxonomy; … … 2053 2087 } 2054 2088 2055 2089 // Get the object and term ids and stick them in a lookup table 2090 // @RawSQLUse, algorithmic 2056 2091 $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'"); 2057 2092 foreach ( $results as $row ) { 2058 2093 $id = $term_ids[$row->term_taxonomy_id]; … … 2099 2134 global $wpdb; 2100 2135 2101 2136 foreach ( (array) $terms as $term ) { 2137 // @RawSQLUse, simple_code 2102 2138 $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM 
$wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term ) ); 2103 2139 $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) ); 2104 2140 } -
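Review bot: The `algorithmic` and `simple_code` tags do not separate statements that are fully parameterised through `$wpdb->prepare()` from statements that splice PHP variables into the SQL text, and the second group is the one an injection review has to look at. In this file the spliced sites are new lines 252 (`IN ($taxonomies)`, `IN ($terms)`, `$order`), 392 (`AND $field = %s`), 767, 1060, 1245, 1254, 1461 and 1822; the same pattern is tagged in wp-includes/post.php at new lines 2947, 2989 and 3171 and in wp-includes/comment.php at new line 91 (`comment_author = '$author'`). At lines 248–249 the lists are only quoted with `implode()`, so safety depends on escaping done before the hunk, which is not visible here. I would make these sites searchable by extending the annotation, e.g. `// @RawSQLUse, algorithmic, interpolates: $taxonomies, $terms, $order`, or move the values into `prepare()` placeholders in a follow-up change.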
wp-includes/post.php
224 224 $post = $post->ID; 225 225 $post = (int) $post; 226 226 if ( ! $_post = wp_cache_get($post, 'posts') ) { 227 // @RawSQLUse, simple_code 227 228 $_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 228 229 if ( ! $_post ) 229 230 return $null; … … 424 425 global $wpdb; 425 426 426 427 $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); 428 // @RawSQLUse, method_exists 427 429 $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); 428 430 429 431 if ( 'page' == $post_type ) … … 519 521 // expected_slashed ($meta_key) 520 522 $meta_key = stripslashes($meta_key); 521 523 524 // @RawSQLUse, trivial_implementation 522 525 if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) 523 526 return false; 524 527 … … 559 562 $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); 560 563 561 564 if ( empty( $meta_value ) ) 565 // @RawSQLUse, trivial_implementation 562 566 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 563 567 else 568 // @RawSQLUse, trivial_implementation 564 569 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 565 570 566 571 if ( !$meta_id ) 567 572 return false; 568 573 569 574 if ( empty( $meta_value ) ) 575 // @RawSQLUse, trivial_implementation 570 576 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 571 577 else 578 // @RawSQLUse, trivial_implementation 572 579 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 573 
580 574 581 wp_cache_delete($post_id, 'post_meta'); … … 637 644 // expected_slashed ($meta_key) 638 645 $meta_key = stripslashes($meta_key); 639 646 647 // @RawSQLUse, trivial_implementation 640 648 if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { 641 649 return add_post_meta($post_id, $meta_key, $meta_value); 642 650 } … … 667 675 */ 668 676 function delete_post_meta_by_key($post_meta_key) { 669 677 global $wpdb; 678 // @RawSQLUse, trivial_implementation 670 679 if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { 671 680 /** @todo Get post_ids and delete cache */ 672 681 // wp_cache_delete($post_id, 'post_meta'); … … 950 959 951 960 $cache_key = $type; 952 961 962 // @RawSQLUse, simple_code 953 963 $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s"; 954 964 if ( 'readable' == $perm && is_user_logged_in() ) { 955 965 if ( !current_user_can("read_private_{$type}s") ) { … … 994 1004 global $wpdb; 995 1005 996 1006 $and = wp_post_mime_type_where( $mime_type ); 1007 // @RawSQLUse, simple_code 997 1008 $count = $wpdb->get_results( "SELECT post_mime_type, COUNT( * ) AS num_posts FROM $wpdb->posts WHERE post_type = 'attachment' $and GROUP BY post_mime_type", ARRAY_A ); 998 1009 999 1010 $stats = array( ); … … 1101 1112 function wp_delete_post($postid = 0) { 1102 1113 global $wpdb, $wp_rewrite; 1103 1114 1115 // @RawSQLUse, trivial_implementation 1104 1116 if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 1105 1117 return $post; 1106 1118 … … 1127 1139 } 1128 1140 1129 1141 // Point children of this page to its parent, also clean the cache of affected children 1142 // @RawSQLUse, trivial_implementation 1130 1143 $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid); 1131 
1144 $children = $wpdb->get_results($children_query); 1132 1145 … … 1136 1149 } 1137 1150 1138 1151 // Do raw query. wp_get_post_revisions() is filtered 1152 // @RawSQLUse, trivial_implementation 1139 1153 $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) ); 1140 1154 // Use wp_delete_post (via wp_delete_post_revision) again. Ensures any meta/misplaced data gets cleaned up. 1141 1155 foreach ( $revision_ids as $revision_id ) … … 1144 1158 // Point all attachments to this post up one level 1145 1159 $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); 1146 1160 1161 // @RawSQLUse, trivial_implementation 1147 1162 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 1148 1163 1164 // @RawSQLUse, trivial_implementation 1149 1165 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 1150 1166 1167 // @RawSQLUse, trivial_implementation 1151 1168 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); 1152 1169 1153 1170 if ( 'page' == $post->post_type ) { … … 1258 1275 $limit = "LIMIT $num"; 1259 1276 } 1260 1277 1278 // @RawSQLUse, simple_code 1261 1279 $sql = "SELECT * FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC $limit"; 1262 1280 $result = $wpdb->get_results($sql,ARRAY_A); 1263 1281 … … 1467 1485 $post_password = ''; 1468 1486 1469 1487 if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) { 1488 // @RawSQLUse, algorithmic 1470 1489 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); 1471 1490 1472 1491 if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { 1473 1492 $suffix = 2; 1474 1493 do { 1475 1494 
$alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix"; 1495 // @RawSQLUse, algorithmic 1476 1496 $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_type, $post_ID, $post_parent)); 1477 1497 $suffix++; 1478 1498 } while ($post_name_check); … … 1500 1520 // If there is a suggested ID, use it if not already present 1501 1521 if ( !empty($import_id) ) { 1502 1522 $import_id = (int) $import_id; 1523 // @RawSQLUse, trivial_implementation 1503 1524 if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 1504 1525 $data['ID'] = $import_id; 1505 1526 } … … 1814 1835 */ 1815 1836 function add_ping($post_id, $uri) { 1816 1837 global $wpdb; 1838 // @RawSQLUse, trivial_implementation 1817 1839 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 1818 1840 $pung = trim($pung); 1819 1841 $pung = preg_split('/\s/', $pung); … … 1863 1885 */ 1864 1886 function get_pung($post_id) { 1865 1887 global $wpdb; 1888 // @RawSQLUse, trivial_implementation 1866 1889 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 1867 1890 $pung = trim($pung); 1868 1891 $pung = preg_split('/\s/', $pung); … … 1881 1904 */ 1882 1905 function get_to_ping($post_id) { 1883 1906 global $wpdb; 1907 // @RawSQLUse, trivial_implementation 1884 1908 $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); 1885 1909 $to_ping = trim($to_ping); 1886 1910 $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); … … 1935 1959 global $wpdb; 1936 1960 1937 1961 if ( ! 
$page_ids = wp_cache_get('all_page_ids', 'posts') ) { 1962 // @RawSQLUse, trivial_implementation 1938 1963 $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); 1939 1964 wp_cache_add('all_page_ids', $page_ids, 'posts'); 1940 1965 } … … 1988 2013 foreach( (array) $page_paths as $pathdir) 1989 2014 $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); 1990 2015 2016 // @RawSQLUse, algorithmic 1991 2017 $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND (post_type = 'page' OR post_type = 'attachment')", $leaf_path )); 1992 2018 1993 2019 if ( empty($pages) ) … … 1997 2023 $path = '/' . $leaf_path; 1998 2024 $curpage = $page; 1999 2025 while ($curpage->post_parent != 0) { 2026 // @RawSQLUse, trivial_implementation 2000 2027 $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); 2001 2028 $path = '/' . $curpage->post_name . $path; 2002 2029 } … … 2020 2047 */ 2021 2048 function get_page_by_title($page_title, $output = OBJECT) { 2022 2049 global $wpdb; 2050 // @RawSQLUse, trivial_implementation 2023 2051 $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); 2024 2052 if ( $page ) 2025 2053 return get_page($page, $output); … … 2114 2142 * 2115 2143 * @param mixed $args Optional. Array or string of options that overrides defaults. 
2116 2144 * @return array List of pages matching defaults or $args 2145 * @RawSQLUse, algorithmic 2117 2146 */ 2147 2118 2148 function &get_pages($args = '') { 2119 2149 global $wpdb; 2120 2150 … … 2221 2251 if ( $parent >= 0 ) 2222 2252 $where .= $wpdb->prepare(' AND post_parent = %d ', $parent); 2223 2253 2254 // @RawSQLUse, algorithmic 2224 2255 $query = "SELECT * FROM $wpdb->posts $join WHERE (post_type = 'page' AND post_status = 'publish') $where "; 2225 2256 $query .= $author_query; 2226 2257 $query .= " ORDER BY " . $sort_column . " " . $sort_order ; … … 2374 2405 $post_name = sanitize_title($post_name); 2375 2406 2376 2407 // expected_slashed ($post_name) 2408 // @RawSQLUse, algorithmic 2377 2409 $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID)); 2378 2410 2379 2411 if ($post_name_check) { … … 2381 2413 while ($post_name_check) { 2382 2414 $alt_post_name = $post_name . "-$suffix"; 2383 2415 // expected_slashed ($alt_post_name, $post_name) 2416 // @RawSQLUse, algorithmic 2384 2417 $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent)); 2385 2418 $suffix++; 2386 2419 } … … 2437 2470 // If there is a suggested ID, use it if not already present 2438 2471 if ( !empty($import_id) ) { 2439 2472 $import_id = (int) $import_id; 2473 // @RawSQLUse, trivial_implementation 2440 2474 if ( ! 
$wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 2441 2475 $data['ID'] = $import_id; 2442 2476 } … … 2484 2518 function wp_delete_attachment($postid) { 2485 2519 global $wpdb; 2486 2520 2521 // @RawSQLUse, trivial_implementation 2487 2522 if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 2488 2523 return $post; 2489 2524 … … 2498 2533 /** @todo Delete for pluggable post taxonomies too */ 2499 2534 wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 2500 2535 2536 // @RawSQLUse, trivial_implementation 2501 2537 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 2502 2538 2539 // @RawSQLUse, trivial_implementation 2503 2540 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 2504 2541 2542 // @RawSQLUse, trivial_implementation 2505 2543 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); 2506 2544 2507 2545 $uploadPath = wp_upload_dir(); 2508 2546 2509 2547 if ( ! empty($meta['thumb']) ) { 2510 2548 // Don't delete the thumb if another attachment uses it 2549 // @RawSQLUse, algorithmic 2511 2550 if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { 2512 2551 $thumbfile = str_replace(basename($file), $meta['thumb'], $file); 2513 2552 $thumbfile = apply_filters('wp_delete_file', $thumbfile); … … 2832 2871 * 2833 2872 * @param string $post_type currently only supports 'post' or 'page'. 2834 2873 * @return string SQL code that can be added to a where clause. 
2874 * @RawSQLUse, algorithmic 2835 2875 */ 2876 2836 2877 function get_private_posts_cap_sql($post_type) { 2837 2878 global $user_ID; 2838 2879 $cap = ''; … … 2894 2935 if ( !isset($cache_lastpostdate[$blog_id][$timezone]) ) { 2895 2936 switch(strtolower($timezone)) { 2896 2937 case 'gmt': 2938 // @RawSQLUse, simple_code 2897 2939 $lastpostdate = $wpdb->get_var("SELECT post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 2898 2940 break; 2899 2941 case 'blog': 2942 // @RawSQLUse, simple_code 2900 2943 $lastpostdate = $wpdb->get_var("SELECT post_date FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 2901 2944 break; 2902 2945 case 'server': 2946 // @RawSQLUse, simple_code 2903 2947 $lastpostdate = $wpdb->get_var("SELECT DATE_ADD(post_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 2904 2948 break; 2905 2949 } … … 2933 2977 if ( !isset($cache_lastpostmodified[$blog_id][$timezone]) ) { 2934 2978 switch(strtolower($timezone)) { 2935 2979 case 'gmt': 2980 // @RawSQLUse, simple_code 2936 2981 $lastpostmodified = $wpdb->get_var("SELECT post_modified_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 2937 2982 break; 2938 2983 case 'blog': 2984 // @RawSQLUse, simple_code 2939 2985 $lastpostmodified = $wpdb->get_var("SELECT post_modified FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 2940 2986 break; 2941 2987 case 'server': 2988 // @RawSQLUse, simple_code 2942 2989 $lastpostmodified = $wpdb->get_var("SELECT DATE_ADD(post_modified_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 2943 2990 break; 2944 2991 } … … 3003 3050 3004 3051 do_action('clean_post_cache', $id); 3005 3052 3053 // @RawSQLUse, trivial_implementation 3006 3054 if ( 
$children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) { 3007 3055 foreach( $children as $cid ) 3008 3056 clean_post_cache( $cid ); … … 3119 3167 // Get post-meta info 3120 3168 $id_list = join(',', $ids); 3121 3169 $cache = array(); 3170 // @RawSQLUse, algorithmic 3122 3171 if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN ($id_list)", ARRAY_A) ) { 3123 3172 foreach ( (array) $meta_list as $metarow) { 3124 3173 $mpid = (int) $metarow['post_id']; … … 3283 3332 return; 3284 3333 3285 3334 $id = $_post->ancestors[] = $_post->post_parent; 3335 // @RawSQLUse, simple_code 3286 3336 while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) { 3287 3337 if ( $id == $ancestor ) 3288 3338 break; -
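Review bot: Several annotations are placed between an unbraced `if`/`else` and its single statement (new lines 565, 568, 575 and 578 here; also wp-includes/taxonomy.php new lines 1139, 1475, 1526 and 1529), which reads as if the comment were the branch body and makes it easy for a later edit to add a line that falls outside the branch. Put the tag above the condition instead, e.g. `// @RawSQLUse, trivial_implementation (both branches)` before `if ( empty( $meta_value ) )`, or add braces around the branches. Separately, equivalent statements carry different tags: `SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1` is `simple_code` at new line 227, while the same query without `LIMIT 1` is `trivial_implementation` at new lines 1115 and 2521. Until the criteria are written down, the tag cannot be relied on to triage which raw queries need a closer look.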
wp-includes/comment.php
80 80 $domain = $uri['host']; 81 81 $uri = parse_url( get_option('home') ); 82 82 $home_domain = $uri['host']; 83 // @RawSQLUse, algorithmic 83 84 if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) 84 85 return true; 85 86 else 86 87 return false; 87 88 } elseif ( $author != '' && $email != '' ) { 88 89 // expected_slashed ($author, $email) 90 // @RawSQLUse, simple_code 89 91 $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); 90 92 if ( ( 1 == $ok_to_comment ) && 91 93 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) ) … … 110 112 */ 111 113 function get_approved_comments($post_id) { 112 114 global $wpdb; 115 // @RawSQLUse, simple_code 113 116 return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id)); 114 117 } 115 118 … … 145 148 if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) { 146 149 $_comment = & $GLOBALS['comment']; 147 150 } elseif ( ! 
$_comment = wp_cache_get($comment, 'comment') ) { 151 // @RawSQLUse, simple_code 148 152 $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment)); 149 153 wp_cache_add($_comment->comment_ID, $_comment, 'comment'); 150 154 } … … 231 235 else 232 236 $post_where = ''; 233 237 238 // @RawSQLUse, algorithmic 234 239 $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE $post_where $approved ORDER BY $orderby $order $number" ); 235 240 wp_cache_add( $cache_key, $comments, 'comment' ); 236 241 … … 281 286 282 287 switch ( strtolower($timezone)) { 283 288 case 'gmt': 289 // @RawSQLUse, simple_code 284 290 $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1"); 285 291 break; 286 292 case 'blog': 293 // @RawSQLUse, simple_code 287 294 $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1"); 288 295 break; 289 296 case 'server': 297 // @RawSQLUse, simple_code 290 298 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server)); 291 299 break; 292 300 } … … 319 327 $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id); 320 328 } 321 329 330 // @RawSQLUse, simple_code 322 331 $totals = (array) $wpdb->get_results(" 323 332 SELECT comment_approved, COUNT( * ) AS total 324 333 FROM {$wpdb->comments} … … 418 427 if ( $user_id ) { 419 428 $userdata = get_userdata($user_id); 420 429 $user = new WP_User($user_id); 430 // @RawSQLUse, simple_code 421 431 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); 422 432 } 423 433 … … 459 469 global $wpdb; 460 470 if ( current_user_can( 
'manage_options' ) ) 461 471 return; // don't throttle admins 472 // @RawSQLUse, algorithmic 462 473 if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) { 463 474 $time_lastcomment = mysql2date('U', $lasttime); 464 475 $time_newcomment = mysql2date('U', $date); … … 592 603 $comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : ''; 593 604 594 605 // Count comments older than this one 606 // @RawSQLUse, algorithmic 595 607 $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) ); 596 608 597 609 // No older comments? Then it's page #1. … … 692 704 if( $post_id > 0 ) 693 705 $where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id ); 694 706 707 // @RawSQLUse, simple_code 695 708 $count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A ); 696 709 697 710 $total = 0; … … 736 749 737 750 $comment = get_comment($comment_id); 738 751 752 // @RawSQLUse, trivial_implementation 739 753 if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) ) 740 754 return false; 741 755 … … 878 892 if ( ! 
isset($comment_type) ) 879 893 $comment_type = ''; 880 894 895 // @RawSQLUse, method_exists 881 896 $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments 882 897 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) 883 898 VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", … … 1016 1031 1017 1032 switch ( $comment_status ) { 1018 1033 case 'hold': 1034 // @RawSQLUse, simple_code 1019 1035 $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id); 1020 1036 break; 1021 1037 case 'approve': 1038 // @RawSQLUse, simple_code 1022 1039 $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id); 1023 1040 if ( get_option('comments_notify') ) { 1024 1041 $comment = get_comment($comment_id); … … 1026 1043 } 1027 1044 break; 1028 1045 case 'spam': 1046 // @RawSQLUse, simple_code 1029 1047 $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id); 1030 1048 break; 1031 1049 case 'delete': … … 1091 1109 else if ( 'approve' == $comment_approved ) 1092 1110 $comment_approved = 1; 1093 1111 1112 // @RawSQLUse, method_exists 1094 1113 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET 1095 1114 comment_content = %s, 1096 1115 comment_author = %s, … … 1205 1224 return false; 1206 1225 1207 1226 $old = (int) $post->comment_count; 1227 // @RawSQLUse, trivial_implementation 1208 1228 $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); 1229 // @RawSQLUse, method_exists 1209 1230 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) ); 1210 1231 1211 1232 if ( 'page' == 
$post->post_type ) … … 1291 1312 global $wpdb; 1292 1313 1293 1314 // Do pingbacks 1315 // @RawSQLUse, simple_code 1294 1316 while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { 1317 // @RawSQLUse, trivial_implementation 1295 1318 $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); 1296 1319 pingback($ping->post_content, $ping->ID); 1297 1320 } 1298 1321 1299 1322 // Do Enclosures 1323 // @RawSQLUse, simple_code 1300 1324 while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { 1325 // @RawSQLUse, trivial_implementation 1301 1326 $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) ); 1302 1327 do_enclose($enclosure->post_content, $enclosure->ID); 1303 1328 } 1304 1329 1305 1330 // Do Trackbacks 1331 // @RawSQLUse, algorithmic 1306 1332 $trackbacks = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE to_ping <> '' AND post_status = 'publish'"); 1307 1333 if ( is_array($trackbacks) ) 1308 1334 foreach ( $trackbacks as $trackback ) … … 1323 1349 function do_trackbacks($post_id) { 1324 1350 global $wpdb; 1325 1351 1352 // @RawSQLUse, trivial_implementation 1326 1353 $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) ); 1327 1354 $to_ping = get_to_ping($post_id); 1328 1355 $pinged = get_pung($post_id); 1329 1356 if ( empty($to_ping) ) { 1357 // @RawSQLUse, method_exists 1330 1358 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); 1331 1359 return; 1332 1360 } … … 1348 1376 trackback($tb_ping, $post_title, $excerpt, $post_id); 1349 1377 $pinged[] = $tb_ping; 1350 1378 } else { 1379 // @RawSQLUse, 
simple_code 1351 1380 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) ); 1352 1381 } 1353 1382 } … … 1501 1530 return; 1502 1531 1503 1532 $tb_url = addslashes( $trackback_url ); 1533 // @RawSQLUse, simple_code 1504 1534 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) ); 1535 // @RawSQLUse, simple_code 1505 1536 return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) ); 1506 1537 } 1507 1538 -
wp-includes/functions.php
331 331 if ( defined( 'WP_INSTALLING' ) ) 332 332 $suppress = $wpdb->suppress_errors(); 333 333 // expected_slashed ($setting) 334 // @RawSQLUse, simple_code 334 335 $row = $wpdb->get_row( "SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1" ); 335 336 if ( defined( 'WP_INSTALLING' ) ) 336 337 $wpdb->suppress_errors($suppress); … … 407 408 function get_alloptions() { 408 409 global $wpdb; 409 410 $show = $wpdb->hide_errors(); 411 // @RawSQLUse, trivial_implementation 410 412 if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) 413 // @RawSQLUse, trivial_implementation 411 414 $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); 412 415 $wpdb->show_errors($show); 413 416 … … 441 444 442 445 if ( !$alloptions ) { 443 446 $suppress = $wpdb->suppress_errors(); 447 // @RawSQLUse, trivial_implementation 444 448 if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) 449 // @RawSQLUse, trivial_implementation 445 450 $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); 446 451 $wpdb->suppress_errors($suppress); 447 452 $alloptions = array(); … … 514 519 wp_cache_set( $option_name, $newvalue, 'options' ); 515 520 } 516 521 522 // @RawSQLUse, method_exists 517 523 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); 518 524 if ( $wpdb->rows_affected == 1 ) { 519 525 do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); … … 581 587 wp_cache_set( 'notoptions', $notoptions, 'options' ); 582 588 } 583 589 590 // @RawSQLUse, method_exists 584 591 $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); 585 592 586 593 do_action( "add_option_{$name}", $name, $value 
); … … 604 611 605 612 // Get the ID, if no ID then return 606 613 // expected_slashed ($name) 614 // @RawSQLUse, trivial_implementation 607 615 $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" ); 608 616 if ( is_null($option) || !$option->option_id ) 609 617 return false; 610 618 // expected_slashed ($name) 619 // @RawSQLUse, trivial_implementation 611 620 $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" ); 612 621 if ( 'yes' == $option->autoload ) { 613 622 $alloptions = wp_load_alloptions(); … … 987 996 } 988 997 989 998 foreach ( (array) $post_links as $url ) { 999 // @RawSQLUse, algorithmic 990 1000 if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) { 991 1001 if ( $headers = wp_get_http_headers( $url) ) { 992 1002 $len = (int) $headers['content-length']; … … 994 1004 $allowed_types = array( 'video', 'audio' ); 995 1005 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { 996 1006 $meta_value = "$url\n$len\n$type\n"; 1007 // @RawSQLUse, method_exists 997 1008 $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) 998 1009 VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) ); 999 1010 } … … 1537 1548 return true; 1538 1549 1539 1550 $suppress = $wpdb->suppress_errors(); 1551 // @RawSQLUse, trivial_implementation 1540 1552 $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); 1541 1553 $wpdb->suppress_errors($suppress); 1542 1554 -
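Review bot: The option queries tagged at new lines 335, 615 and 620 place `$setting` and `$name` directly inside the SQL string and depend on the `expected_slashed` convention noted above them, while the `UPDATE` and `INSERT` tagged `method_exists` in the same file go through `$wpdb->prepare()`. The new tags (`simple_code`, `trivial_implementation`) do not record that difference, so the annotation cannot be used to find the sites that still rely on caller-side escaping. I would convert them to the prepared form, e.g. `$wpdb->get_row( $wpdb->prepare( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = %s", $name ) )`, which also means the slashing expectation on the callers has to be revisited. The enclosing functions start and end outside these hunks, so any earlier sanitising is not visible here.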
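--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -814,10 +814,13 @@
 
 /** @todo Use API instead of SELECTs. */
 if ( $user_ID) {
+// @RawSQLUse, algorithmic
 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $user_ID));
 } else if ( empty($comment_author) ) {
+// @RawSQLUse, simple_code
 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID));
 } else {
+// @RawSQLUse, algorithmic
 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email));
 }
 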
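Review bot: The tags added at new lines 817, 820 and 823 give a reader no way to tell what separates `algorithmic` from `simple_code`: all three statements are the same prepared `SELECT * FROM $wpdb->comments` and differ only in the WHERE predicate. Nothing on this page defines the four tag values (`trivial_implementation`, `simple_code`, `method_exists`, `algorithmic`), so I would add a short legend, one line per value, in a shared header comment or in the ticket description, and state there whether the tag describes the query's complexity or the effort needed to replace it. Without that, two reviewers will label the same query differently. The enclosing function starts and ends outside the hunk.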
wp-includes/user.php
108 108 global $wpdb; 109 109 if ( !$user ) 110 110 $user = $wpdb->escape($_COOKIE[USER_COOKIE]); 111 // @RawSQLUse, trivial_implementation 111 112 return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); 112 113 } 113 114 … … 123 124 function get_usernumposts($userid) { 124 125 global $wpdb; 125 126 $userid = (int) $userid; 127 // @RawSQLUse, trivial_implementation 126 128 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post')); 127 129 return apply_filters('get_usernumposts', $count, $userid); 128 130 } … … 232 234 global $wpdb, $blog_id; 233 235 if ( empty($id) ) 234 236 $id = (int) $blog_id; 237 // @RawSQLUse, simple_code 235 238 $users = $wpdb->get_results( "SELECT user_id, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "capabilities' ORDER BY {$wpdb->usermeta}.user_id" ); 236 239 return $users; 237 240 } … … 262 265 $meta_value = trim( $meta_value ); 263 266 264 267 if ( ! 
empty($meta_value) ) 268 // @RawSQLUse, trivial_implementation 265 269 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) ); 266 270 else 271 // @RawSQLUse, trivial_implementation 267 272 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 268 273 269 274 wp_cache_delete($user_id, 'users'); … … 300 305 if ( false !== $user && isset($user->$meta_key) ) 301 306 $metas = array($user->$meta_key); 302 307 else 308 // @RawSQLUse, trivial_implementation 303 309 $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 304 310 } else { 311 // @RawSQLUse, trivial_implementation 305 312 $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) ); 306 313 } 307 314 … … 352 359 return delete_usermeta($user_id, $meta_key); 353 360 } 354 361 362 // @RawSQLUse, trivial_implementation 355 363 $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 356 364 if ( !$cur ) { 365 // @RawSQLUse, method_exists 357 366 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) 358 367 VALUES 359 368 ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); 360 369 } else if ( $cur->meta_value != $meta_value ) { 370 // @RawSQLUse, method_exists 361 371 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); 362 372 } else { 363 373 return false; … … 458 468 $r = wp_parse_args( $args, $defaults ); 459 469 extract( $r, EXTR_SKIP ); 460 470 471 // @RawSQLUse, algorithmic 461 472 $query = "SELECT * FROM $wpdb->users"; 462 473 463 474 $query_where = array(); … … 529 540 global $wpdb; 530 541 531 542 
$show = $wpdb->hide_errors(); 543 // @RawSQLUse, trivial_implementation 532 544 $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID)); 533 545 $wpdb->show_errors($show); 534 546 -
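Review bot: The statement tagged `trivial_implementation` at new line 112 interpolates `$field` as a column name (`SELECT $field FROM $wpdb->users`), and the `%s` placeholder of `$wpdb->prepare()` only covers `$user`. An identifier cannot be bound as a parameter, so `$field` should be checked against a fixed list of permitted column names before the query is built. Separately, `$user` is passed through `$wpdb->escape()` two lines earlier and then bound with `%s`, so a cookie value containing a quote is escaped twice and will not match. The function's signature is outside the hunk, so where `$field` comes from is not visible here.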
wp-includes/query.php
1922 1922 $taxonomy_field = $item == 'tag_slug__and' ? 'slug' : 'term_id'; 1923 1923 1924 1924 $q[$item] = array_unique($q[$item]); 1925 // @RawSQLUse, algorithmic 1925 1926 $tsql = "SELECT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->term_relationships tr ON (p.ID = tr.object_id) INNER JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) INNER JOIN $wpdb->terms t ON (tt.term_id = t.term_id)"; 1926 1927 $tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')"; 1927 1928 $tsql .= " GROUP BY p.ID HAVING count(p.ID) = " . count($q[$item]); … … 2186 2187 $cgroupby = apply_filters('comment_feed_groupby', $cgroupby); 2187 2188 } 2188 2189 2190 // @RawSQLUse, algorithmic 2189 2191 $this->comments = (array) $wpdb->get_results("SELECT $distinct $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere $cgroupby ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss')); 2190 2192 $this->comment_count = count($this->comments); 2191 2193 … … 2242 2244 if ( !empty($limits) ) 2243 2245 $found_rows = 'SQL_CALC_FOUND_ROWS'; 2244 2246 2247 // @RawSQLUse, algorithmic 2245 2248 $this->request = " SELECT $found_rows $distinct $fields FROM $wpdb->posts $join WHERE 1=1 $where $groupby $orderby $limits"; 2246 2249 if ( !$q['suppress_filters'] ) 2247 2250 $this->request = apply_filters('posts_request', $this->request); … … 2254 2257 if ( !empty($this->posts) && $this->is_comment_feed && $this->is_singular ) { 2255 2258 $cjoin = apply_filters('comment_feed_join', ''); 2256 2259 $cwhere = apply_filters('comment_feed_where', "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'"); 2260 // @RawSQLUse, algorithmic 2257 2261 $comments_request = "SELECT $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere ORDER BY comment_date_gmt DESC LIMIT " . 
get_option('posts_per_rss'); 2258 2262 $this->comments = $wpdb->get_results($comments_request); 2259 2263 $this->comment_count = count($this->comments); … … 2323 2327 // Fetch sticky posts that weren't in the query results 2324 2328 if ( !empty($sticky_posts) ) { 2325 2329 $stickies__in = implode(',', array_map( 'absint', $sticky_posts )); 2330 // @RawSQLUse, algorithmic 2326 2331 $stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in)" ); 2327 2332 /** @todo Make sure post is published or viewable by the current user */ 2328 2333 foreach ( $stickies as $sticky_post ) { … … 2615 2620 if ( is_404() && '' != $wp_query->query_vars['name'] ) : 2616 2621 global $wpdb; 2617 2622 2623 // @RawSQLUse, simple_code 2618 2624 $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'"; 2619 2625 2620 2626 // if year, monthnum, or day have been specified, make our query more precise -
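Review bot: The query tagged `simple_code` at new line 2624 is built by concatenating `$wp_query->query_vars['name']` into `meta_value='...'`, and the hunk shows no escaping between the query var and the SQL string. If the value is not sanitised earlier (not visible here), this is the site in the file that most needs a prepared statement: `$query = $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value = %s", $wp_query->query_vars['name'] );`. The same applies to new line 1927, where `$taxonomy` and the imploded `$q[$item]` values are placed inside quotes by hand. Tagging the first `simple_code` and the second `algorithmic` hides that both are hand-built string SQL.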
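--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -32,6 +32,7 @@
 if ( isset($GLOBALS['link']) && ($GLOBALS['link']->link_id == $bookmark) ) {
 $_bookmark = & $GLOBALS['link'];
 } elseif ( ! $_bookmark = wp_cache_get($bookmark, 'bookmark') ) {
+// @RawSQLUse, simple_code
 $_bookmark = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->links WHERE link_id = %d LIMIT 1", $bookmark));
 $_bookmark->link_category = array_unique( wp_get_object_terms($_bookmark->link_id, 'link_category', 'fields=ids') );
 wp_cache_add($_bookmark->link_id, $_bookmark, 'bookmark');
@@ -241,6 +242,7 @@
 if ( $hide_invisible )
 $visible = "AND link_visible = 'Y'";
 
+// @RawSQLUse, algorithmic
 $query = "SELECT * $length $recently_updated_test $get_updated FROM $wpdb->links $join WHERE 1=1 $visible $category_query";
 $query .= " $exclusions $inclusions $search";
 $query .= " ORDER BY $orderby $order";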
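--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -900,6 +900,7 @@
 $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare("WHERE p.post_date $op %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories );
 $sort = apply_filters( "get_{$adjacent}_post_sort", "ORDER BY p.post_date $order LIMIT 1" );
 
+// @RawSQLUse, algorithmic
 return $wpdb->get_row("SELECT p.* FROM $wpdb->posts AS p $join $where $sort");
 }
 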
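--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -472,9 +472,11 @@
 $return = '';
 
 /** @todo Move select to get_authors(). */
+// @RawSQLUse, algorithmic
 $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
 
 $author_count = array();
+// @RawSQLUse, simple_code
 foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author") as $row) {
 $author_count[$row->post_author] = $row->count;
 }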
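--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -782,6 +782,7 @@
 global $wpdb;
 
 //get pages in order of hierarchy, i.e. children after parents
+// @RawSQLUse, trivial_implementation
 $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'"));
 //now reverse it, because we need parents after children for rewrite rules to work properly
 $posts = array_reverse($posts, true);
@@ -795,6 +796,7 @@
 foreach ($posts as $id => $post) {
 // URL => page name
 $uri = get_page_uri($id);
+// @RawSQLUse, trivial_implementation
 $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id ));
 if ( $attachments ) {
 foreach ( $attachments as $attachment ) {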
wp-includes/general-template.php
422 422 } 423 423 if ( !empty($author_name) ) { 424 424 // We do a direct query here because we don't cache by nicename. 425 // @RawSQLUse, trivial_implementation 425 426 $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name)); 426 427 } 427 428 … … 510 511 511 512 if ( intval($p) || '' != $name ) { 512 513 if ( !$p ) 514 // @RawSQLUse, trivial_implementation 513 515 $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name)); 514 516 $post = & get_post($p); 515 517 $title = $post->post_title; … … 760 762 $output = ''; 761 763 762 764 if ( 'monthly' == $type ) { 765 // @RawSQLUse, simple_code 763 766 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC $limit"; 764 767 $key = md5($query); 765 768 $cache = wp_cache_get( 'wp_get_archives' , 'general'); … … 781 784 } 782 785 } 783 786 } elseif ('yearly' == $type) { 787 // @RawSQLUse, simple_code 784 788 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date) ORDER BY post_date DESC $limit"; 785 789 $key = md5($query); 786 790 $cache = wp_cache_get( 'wp_get_archives' , 'general'); … … 802 806 } 803 807 } 804 808 } elseif ( 'daily' == $type ) { 809 // @RawSQLUse, simple_code 805 810 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, DAYOFMONTH(post_date) AS `dayofmonth`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date), DAYOFMONTH(post_date) ORDER BY post_date DESC $limit"; 806 811 $key = md5($query); 807 812 $cache = wp_cache_get( 'wp_get_archives' , 'general'); … … 825 830 } 826 831 } elseif ( 'weekly' == $type ) { 827 832 $start_of_week = get_option('start_of_week'); 833 // @RawSQLUse, simple_code 828 834 $query = "SELECT DISTINCT 
WEEK(post_date, $start_of_week) AS `week`, YEAR(post_date) AS yr, DATE_FORMAT(post_date, '%Y-%m-%d') AS yyyymmdd, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY WEEK(post_date, $start_of_week), YEAR(post_date) ORDER BY post_date DESC $limit"; 829 835 $key = md5($query); 830 836 $cache = wp_cache_get( 'wp_get_archives' , 'general'); … … 855 861 } 856 862 } elseif ( ( 'postbypost' == $type ) || ('alpha' == $type) ) { 857 863 $orderby = ('alpha' == $type) ? "post_title ASC " : "post_date DESC "; 864 // @RawSQLUse, algorithmic 858 865 $query = "SELECT * FROM $wpdb->posts $join $where ORDER BY $orderby $limit"; 859 866 $key = md5($query); 860 867 $cache = wp_cache_get( 'wp_get_archives' , 'general'); … … 927 934 ob_start(); 928 935 // Quick check. If we have no posts at all, abort! 929 936 if ( !$posts ) { 937 // @RawSQLUse, simple_code 930 938 $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' ORDER BY post_date DESC LIMIT 1"); 931 939 if ( !$gotsome ) 932 940 return; … … 946 954 // We need to get the month from MySQL 947 955 $thisyear = ''.intval(substr($m, 0, 4)); 948 956 $d = (($w - 1) * 7) + 6; //it seems MySQL's weeks disagree with PHP's 957 // @RawSQLUse, simple_code 949 958 $thismonth = $wpdb->get_var("SELECT DATE_FORMAT((DATE_ADD('${thisyear}0101', INTERVAL $d DAY) ), '%m')"); 950 959 } elseif ( !empty($m) ) { 951 960 $thisyear = ''.intval(substr($m, 0, 4)); … … 961 970 $unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear); 962 971 963 972 // Get the next and previous month and year with at least one post 973 // @RawSQLUse, algorithmic 964 974 $previous = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year 965 975 FROM $wpdb->posts 966 976 WHERE post_date < '$thisyear-$thismonth-01' 967 977 AND post_type = 'post' AND post_status = 'publish' 968 978 ORDER BY post_date DESC 969 979 LIMIT 1"); 980 // @RawSQLUse, algorithmic 970 981 $next = $wpdb->get_row("SELECT 
DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year 971 982 FROM $wpdb->posts 972 983 WHERE post_date > '$thisyear-$thismonth-01' … … 1024 1035 <tr>'; 1025 1036 1026 1037 // Get days with posts 1038 // @RawSQLUse, algorithmic 1027 1039 $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date) 1028 1040 FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth' 1029 1041 AND YEAR(post_date) = '$thisyear' … … 1043 1055 $ak_title_separator = ', '; 1044 1056 1045 1057 $ak_titles_for_day = array(); 1058 // @RawSQLUse, algorithmic 1046 1059 $ak_post_titles = $wpdb->get_results("SELECT post_title, DAYOFMONTH(post_date) as dom " 1047 1060 ."FROM $wpdb->posts " 1048 1061 ."WHERE YEAR(post_date) = '$thisyear' " -
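--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -68,6 +68,7 @@
 
 if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) {
 
+// @RawSQLUse, trivial_implementation
 $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) );
 
 if ( isset($vars[0]) && $vars = $vars[0] ) {
@@ -328,6 +329,7 @@
 if ( get_query_var('day') )
 $where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day'));
 
+// @RawSQLUse, algorithmic
 $post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'");
 if ( !$post_id )
 return false;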
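--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -1120,6 +1120,7 @@
 _deprecated_function(__FUNCTION__, '0.0' );
 
 if ( $count )
+// @RawSQLUse, trivial_implementation
 $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links");
 
 $javascript = "<a href=\"#\" onclick=\"javascript:window.open('$file?popup=1', '_blank', 'width=$width,height=$height,scrollbars=yes,status=no'); return false\">";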
wp-includes/pluggable.php
130 130 if ( $user ) 131 131 return $user; 132 132 133 // @RawSQLUse, simple_code 133 134 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) ) 134 135 return false; 135 136 … … 164 165 if ( false !== $user ) 165 166 return $user; 166 167 168 // @RawSQLUse, trivial_implementation 167 169 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) ) 168 170 return false; 169 171 … … 194 196 if ( false !== $user ) 195 197 return $user; 196 198 199 // @RawSQLUse, trivial_implementation 197 200 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) ) 198 201 return false; 199 202 … … 1002 1005 if( get_option( "moderation_notify" ) == 0 ) 1003 1006 return true; 1004 1007 1008 // @RawSQLUse, simple_code 1005 1009 $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id)); 1010 // @RawSQLUse, simple_code 1006 1011 $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID)); 1007 1012 1008 1013 $comment_author_domain = @gethostbyaddr($comment->comment_author_IP); 1014 // @RawSQLUse, simple_code 1009 1015 $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'"); 1010 1016 1011 1017 switch ($comment->comment_type) … … 1455 1461 global $wpdb; 1456 1462 1457 1463 $hash = wp_hash_password($password); 1464 // @RawSQLUse, method_exists 1458 1465 $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id); 1459 1466 $wpdb->query($query); 1460 1467 wp_cache_delete($user_id, 'users'); -
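--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -1390,6 +1390,7 @@
 $number = 15;
 
 if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) {
+// @RawSQLUse, simple_code
 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT $number");
 wp_cache_add( 'recent_comments', $comments, 'widget' );
 }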
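--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -715,8 +715,10 @@
 $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts';
 
 // shouldn't these be using get_option() ?
+// @RawSQLUse, trivial_implementation
 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) )
 add_option($cache_option, '', '', 'no');
+// @RawSQLUse, trivial_implementation
 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) )
 add_option($cache_timestamp, '', '', 'no');
 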
xmlrpc.php
765 765 do_action('xmlrpc_call', 'wp.getPageList'); 766 766 767 767 // Get list of pages ids and titles 768 // @RawSQLUse, simple_code 768 769 $page_list = $wpdb->get_results(" 769 770 SELECT ID page_id, 770 771 post_title page_title, … … 2273 2274 global $wpdb; 2274 2275 2275 2276 // find any unattached files 2277 // @RawSQLUse, trivial_implementation 2276 2278 $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" ); 2277 2279 if( is_array( $attachments ) ) { 2278 2280 foreach( $attachments as $file ) { 2279 2281 if( strpos( $post_content, $file->guid ) !== false ) { 2282 // @RawSQLUse, method_exists 2280 2283 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); 2281 2284 } 2282 2285 } … … 2852 2855 2853 2856 if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { 2854 2857 // Get postmeta info on the object. 2858 // @RawSQLUse, trivial_implementation 2855 2859 $old_file = $wpdb->get_row(" 2856 2860 SELECT ID 2857 2861 FROM {$wpdb->posts} … … 3126 3130 return new IXR_Error(404, __('Sorry, no such post.')); 3127 3131 } 3128 3132 3133 // @RawSQLUse, trivial_implementation 3129 3134 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 3130 3135 3131 3136 if (!$comments) { … … 3250 3255 } elseif (is_string($urltest['fragment'])) { 3251 3256 // ...or a string #title, a little more complicated 3252 3257 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); 3258 // @RawSQLUse, trivial_implementation 3253 3259 $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); 3254 3260 if (! 
($post_ID = $wpdb->get_var($sql)) ) { 3255 3261 // returning unknown error '0' is better than die()ing … … 3279 3285 return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.')); 3280 3286 3281 3287 // Let's check that the remote site didn't already pingback this entry 3288 // @RawSQLUse, trivial_implementation 3282 3289 $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); 3283 3290 3284 3291 if ( $wpdb->num_rows ) // We already have a Pingback from this URL … … 3394 3401 return new IXR_Error(32, __('The specified target URL does not exist.')); 3395 3402 } 3396 3403 3404 // @RawSQLUse, trivial_implementation 3397 3405 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 3398 3406 3399 3407 if (!$comments) { -
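--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -97,6 +97,7 @@
 $comment_content = "<strong>$title</strong>\n\n$excerpt";
 $comment_type = 'trackback';
 
+// @RawSQLUse, trivial_implementation
 $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
 if ( $dupe )
 trackback_response(1, 'We already have a ping from that URL for this post.');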
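--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -18,6 +18,7 @@
 if ( !get_option('use_linksupdate') )
 wp_die(__('Feature disabled.'));
 
+// @RawSQLUse, trivial_implementation
 $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links");
 
 if ( !$link_uris )
@@ -50,6 +51,7 @@
 foreach ($returns as $return) :
 $time = substr($return, 0, 19);
 $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return);
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) );
 endforeach;
 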
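--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -153,6 +153,7 @@
 $go_delete = true;
 }
 }
+// @RawSQLUse, simple_code
 $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
 $user_dropdown = '<select name="reassign_user">';
 foreach ( (array) $all_logins as $login )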
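--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -19,6 +19,7 @@
 
 $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
 if ( current_user_can('moderate_comments')) {
+// @RawSQLUse, algorithmic
 $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
 } else {
 $deleted_spam = 0;
@@ -34,6 +35,7 @@
 $deleted = $approved = $unapproved = $spammed = 0;
 foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each
 $comment_id = (int) $comment_id;
+// @RawSQLUse, trivial_implementation
 $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) );
 
 if ( !current_user_can('edit_post', $_post_id) )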
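Review bot: The `algorithmic` tag on the spam-purge DELETE in the first hunk does not record that this is the one query in the section built by interpolating a request value: `$delete_time` comes from `$_REQUEST['pagegen_timestamp']` through `$wpdb->escape()` and is placed between quotes in the SQL string, while the second hunk casts to int and binds with `prepare()`. I would bind it the same way, `$wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND %s > comment_date_gmt", $delete_time)` (passing the value before `escape()` is applied), and reject anything that does not parse as a timestamp. If the query stays as it is, the annotation should at least name the interpolated variable so an auditor searching the tags can find it. Only a capability check is visible before this state-changing statement; whether a nonce is verified earlier in the file cannot be told from the hunk.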
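--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -59,6 +59,7 @@
 if ( strlen( $s ) < 2 )
 die; // require 2 chars for matching
 
+// @RawSQLUse, algorithmic
 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
 
 echo join( $results, "\n" );
@@ -606,6 +607,7 @@
 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 die('-1');
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status) )
@@ -1085,6 +1087,7 @@
 if ( count($search_terms) > 1 && $search_terms[0] != $s )
 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
 
+// @RawSQLUse, simple_code
 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
 
 if ( ! $posts )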
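Review bot: The tags added in the first and third hunks (`algorithmic`, `simple_code`) sit on queries that concatenate `$taxonomy`, `$s`, `$what` and `$search` directly into the SQL text, and nothing in the visible lines shows where those values are escaped. Since the annotation exists to classify raw SQL use, it should carry that fact, for example `// @RawSQLUse, algorithmic -- interpolates $taxonomy and $s; escaping is outside this hunk (confirm)`. The `LIKE` operands also let `%` and `_` from the search term act as wildcards, which matters to whoever later converts these statements to `prepare()`. The enclosing blocks start and end outside the hunks, so the origin of each variable needs checking in the full file.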
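--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -83,6 +83,7 @@
 
 wp_delete_object_term_relationships( $link_id, 'link_category' );
 
+// @RawSQLUse, trivial_implementation
 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->links WHERE link_id = %d", $link_id ) );
 
 do_action( 'deleted_link', $link_id );
@@ -186,6 +187,7 @@
 }
 
 if ( $update ) {
+// @RawSQLUse, method_exists
 if ( false === $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_url = %s,
 link_name = %s, link_image = %s, link_target = %s,
 link_visible = %s, link_description = %s, link_rating = %s,
@@ -197,6 +199,7 @@
 return 0;
 }
 } else {
+// @RawSQLUse, method_exists
 if ( false === $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
 $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss ) ) ) {
 if ( $wp_error )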
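--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -257,6 +257,7 @@
 }
 
 if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
+// @RawSQLUse, trivial_implementation
 $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
 $children = array();
 
@@ -417,9 +418,11 @@
 $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
 
 if (!empty ($title))
+// @RawSQLUse, trivial_implementation
 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
 else
 if (!empty ($content))
+// @RawSQLUse, trivial_implementation
 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
 
 return 0;
@@ -566,6 +569,7 @@
 
 wp_cache_delete($post_ID, 'post_meta');
 
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
 return $wpdb->insert_id;
 }
@@ -584,9 +588,11 @@
 global $wpdb;
 $mid = (int) $mid;
 
+// @RawSQLUse, trivial_implementation
 $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 wp_cache_delete($post_id, 'post_meta');
 
+// @RawSQLUse, trivial_implementation
 return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 }
 
@@ -600,6 +606,7 @@
 function get_meta_keys() {
 global $wpdb;
 
+// @RawSQLUse, simple_code
 $keys = $wpdb->get_col( "
 SELECT meta_key
 FROM $wpdb->postmeta
@@ -621,6 +628,7 @@
 global $wpdb;
 $mid = (int) $mid;
 
+// @RawSQLUse, trivial_implementation
 $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 if ( is_serialized_string( $meta->meta_value ) )
 $meta->meta_value = maybe_unserialize( $meta->meta_value );
@@ -640,6 +648,7 @@
 function has_meta( $postid ) {
 global $wpdb;
 
+// @RawSQLUse, simple_code
 return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
 FROM $wpdb->postmeta WHERE post_id = %d
 ORDER BY meta_key,meta_id", $postid), ARRAY_A );
@@ -664,6 +673,7 @@
 if ( in_array($meta_key, $protected) )
 return false;
 
+// @RawSQLUse, trivial_implementation
 $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
 wp_cache_delete($post_id, 'post_meta');
 
@@ -743,6 +753,7 @@
 global $wpdb;
 $old_ID = (int) $old_ID;
 $new_ID = (int) $new_ID;
+// @RawSQLUse, method_exists
 return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
 }
 
@@ -818,6 +829,7 @@
 function get_available_post_mime_types($type = 'attachment') {
 global $wpdb;
 
+// @RawSQLUse, simple_code
 $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
 return $types;
 }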
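Review bot: In the second hunk both `return` statements tagged `trivial_implementation` hand `prepare()` a format string that already contains `$post_date`, which is itself the output of the earlier `prepare("AND post_date = %s", $post_date)`. Any `%` inside the date value would be read as a placeholder on the second pass, so the argument count and the quoting no longer match what the author intended. I would bind both values in a single call when a date is present, `$wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_date = %s", $title, $post_date)`, and keep the one-placeholder form for the case without a date; the `post_content` branch needs the same change. The tag should at least mention the pre-built fragment rather than call these trivial. The function starts outside the hunk, so how `$post_date` is populated when empty is not visible.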
wp-admin/includes/upgrade.php
95 95 // Default category 96 96 $cat_name = $wpdb->escape(__('Uncategorized')); 97 97 $cat_slug = sanitize_title(_c('Uncategorized|Default category slug')); 98 // @RawSQLUse, method_exists 98 99 $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 100 // @RawSQLUse, method_exists 99 101 $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')"); 100 102 101 103 // Default link category 102 104 $cat_name = $wpdb->escape(__('Blogroll')); 103 105 $cat_slug = sanitize_title(_c('Blogroll|Default link category slug')); 106 // @RawSQLUse, method_exists 104 107 $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 108 // @RawSQLUse, method_exists 105 109 $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')"); 106 110 107 111 // Now drop in some default links 112 // @RawSQLUse, method_exists 108 113 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');"); 114 // @RawSQLUse, method_exists 109 115 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" ); 110 116 117 // @RawSQLUse, method_exists 111 118 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');"); 119 // @RawSQLUse, method_exists 112 120 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" ); 113 121 122 // @RawSQLUse, method_exists 114 123 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest 
Ideas', 0, '', '');"); 124 // @RawSQLUse, method_exists 115 125 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" ); 116 126 127 // @RawSQLUse, method_exists 117 128 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');"); 129 // @RawSQLUse, method_exists 118 130 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" ); 119 131 132 // @RawSQLUse, method_exists 120 133 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');"); 134 // @RawSQLUse, method_exists 121 135 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" ); 122 136 137 // @RawSQLUse, method_exists 123 138 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');"); 139 // @RawSQLUse, method_exists 124 140 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" ); 125 141 142 // @RawSQLUse, method_exists 126 143 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');"); 144 // @RawSQLUse, method_exists 127 145 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" ); 128 146 129 147 // First post 130 148 $now = date('Y-m-d H:i:s'); 131 149 $now_gmt = gmdate('Y-m-d H:i:s'); 132 150 $first_post_guid = get_option('home') . 
'/?p=1'; 151 // @RawSQLUse, method_exists 133 152 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')"); 153 // @RawSQLUse, method_exists 134 154 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" ); 135 155 136 156 // Default comment 157 // @RawSQLUse, method_exists 137 158 $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')"); 138 159 139 160 // First Page 140 161 $first_post_guid = get_option('home') . '/?page_id=2'; 162 // @RawSQLUse, method_exists 141 163 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. 
You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')"); 142 164 } 143 165 endif; … … 292 314 global $wpdb; 293 315 294 316 // Get the title and ID of every post, post_name to check if it already has a value 317 // @RawSQLUse, trivial_implementation 295 318 $posts = $wpdb->get_results("SELECT ID, post_title, post_name FROM $wpdb->posts WHERE post_name = ''"); 296 319 if ($posts) { 297 320 foreach($posts as $post) { 298 321 if ('' == $post->post_name) { 299 322 $newtitle = sanitize_title($post->post_title); 323 // @RawSQLUse, method_exists 300 324 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); 301 325 } 302 326 } 303 327 } 304 328 329 // @RawSQLUse, trivial_implementation 305 330 $categories = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename FROM $wpdb->categories"); 306 331 foreach ($categories as $category) { 307 332 if ('' == $category->category_nicename) { 308 333 $newtitle = sanitize_title($category->cat_name); 334 // @RawSQLUse, method_exists 309 335 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); 310 336 } 311 337 } 312 338 339 // @RawSQLUse, algorithmic 313 340 $wpdb->query("UPDATE $wpdb->options SET option_value = REPLACE(option_value, 'wp-links/links-images/', 'wp-images/links/') 314 341 WHERE option_name LIKE 'links_rating_image%' 315 342 AND option_value LIKE 'wp-links/links-images/%'"); 316 343 344 // @RawSQLUse, simple_code 317 345 $done_ids = $wpdb->get_results("SELECT DISTINCT post_id FROM $wpdb->post2cat"); 318 346 if ($done_ids) : 319 347 foreach ($done_ids as $done_id) : … … 324 352 $catwhere = ''; 325 353 endif; 326 354 355 // @RawSQLUse, 
trivial_implementation 327 356 $allposts = $wpdb->get_results("SELECT ID, post_category FROM $wpdb->posts WHERE post_category != '0' $catwhere"); 328 357 if ($allposts) : 329 358 foreach ($allposts as $post) { 330 359 // Check to see if it's already been imported 360 // @RawSQLUse, trivial_implementation 331 361 $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); 332 362 if (!$cat && 0 != $post->post_category) { // If there's no result 363 // @RawSQLUse, method_exists 333 364 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat 334 365 (post_id, category_id) 335 366 VALUES (%s, %s) … … 366 397 global $wpdb; 367 398 368 399 // Set user_nicename. 400 // @RawSQLUse, trivial_implementation 369 401 $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users"); 370 402 foreach ($users as $user) { 371 403 if ('' == $user->user_nicename) { 372 404 $newname = sanitize_title($user->user_nickname); 405 // @RawSQLUse, method_exists 373 406 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); 374 407 } 375 408 } 376 409 410 // @RawSQLUse, trivial_implementation 377 411 $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users"); 378 412 foreach ($users as $row) { 379 413 if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) { 414 // @RawSQLUse, method_exists 380 415 $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\''); 381 416 } 382 417 } … … 401 436 // Check if we already set the GMT fields (if we did, then 402 437 // MAX(post_date_gmt) can't be '0000-00-00 00:00:00' 403 438 // <michel_v> I just slapped myself silly for not thinking about it earlier 439 // @RawSQLUse, simple_code 404 440 $got_gmt_fields = ($wpdb->get_var("SELECT MAX(post_date_gmt) FROM $wpdb->posts") == '0000-00-00 00:00:00') ? 
false : true; 405 441 406 442 if (!$got_gmt_fields) { … … 408 444 // Add or substract time to all dates, to get GMT dates 409 445 $add_hours = intval($diff_gmt_weblogger); 410 446 $add_minutes = intval(60 * ($diff_gmt_weblogger - $add_hours)); 447 // @RawSQLUse, simple_code 411 448 $wpdb->query("UPDATE $wpdb->posts SET post_date_gmt = DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 449 // @RawSQLUse, simple_code 412 450 $wpdb->query("UPDATE $wpdb->posts SET post_modified = post_date"); 451 // @RawSQLUse, simple_code 413 452 $wpdb->query("UPDATE $wpdb->posts SET post_modified_gmt = DATE_ADD(post_modified, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE) WHERE post_modified != '0000-00-00 00:00:00'"); 453 // @RawSQLUse, simple_code 414 454 $wpdb->query("UPDATE $wpdb->comments SET comment_date_gmt = DATE_ADD(comment_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 455 // @RawSQLUse, simple_code 415 456 $wpdb->query("UPDATE $wpdb->users SET user_registered = DATE_ADD(user_registered, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 416 457 } 417 458 … … 426 467 global $wpdb; 427 468 428 469 // Remove extraneous backslashes. 470 // @RawSQLUse, trivial_implementation 429 471 $posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt, guid, post_date, post_name, post_status, post_author FROM $wpdb->posts"); 430 472 if ($posts) { 431 473 foreach($posts as $post) { … … 436 478 $guid = get_permalink($post->ID); 437 479 else 438 480 $guid = $post->guid; 439 481 // @RawSQLUse, method_exists 440 482 $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'"); 441 483 } 442 484 } 443 485 444 486 // Remove extraneous backslashes. 
487 // @RawSQLUse, trivial_implementation 445 488 $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments"); 446 489 if ($comments) { 447 490 foreach($comments as $comment) { 448 491 $comment_content = addslashes(deslash($comment->comment_content)); 449 492 $comment_author = addslashes(deslash($comment->comment_author)); 493 // @RawSQLUse, method_exists 450 494 $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'"); 451 495 } 452 496 } 453 497 454 498 // Remove extraneous backslashes. 499 // @RawSQLUse, trivial_implementation 455 500 $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links"); 456 501 if ($links) { 457 502 foreach($links as $link) { 458 503 $link_name = addslashes(deslash($link->link_name)); 459 504 $link_description = addslashes(deslash($link->link_description)); 505 // @RawSQLUse, method_exists 460 506 $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'"); 461 507 } 462 508 } 463 509 464 510 // The "paged" option for what_to_show is no more. 511 // @RawSQLUse, trivial_implementation 465 512 if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') { 513 // @RawSQLUse, method_exists 466 514 $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'"); 467 515 } 468 516 … … 476 524 } 477 525 478 526 // Obsolete tables 527 // @RawSQLUse, trivial_implementation 479 528 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optionvalues'); 529 // @RawSQLUse, trivial_implementation 480 530 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiontypes'); 531 // @RawSQLUse, trivial_implementation 481 532 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 
'optiongroups'); 533 // @RawSQLUse, trivial_implementation 482 534 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroup_options'); 483 535 484 536 // Update comments table to use comment_type 537 // @RawSQLUse, simple_code 485 538 $wpdb->query("UPDATE $wpdb->comments SET comment_type='trackback', comment_content = REPLACE(comment_content, '<trackback />', '') WHERE comment_content LIKE '<trackback />%'"); 539 // @RawSQLUse, simple_code 486 540 $wpdb->query("UPDATE $wpdb->comments SET comment_type='pingback', comment_content = REPLACE(comment_content, '<pingback />', '') WHERE comment_content LIKE '<pingback />%'"); 487 541 488 542 // Some versions have multiple duplicate option_name rows with the same values 543 // @RawSQLUse, simple_code 489 544 $options = $wpdb->get_results("SELECT option_name, COUNT(option_name) AS dupes FROM `$wpdb->options` GROUP BY option_name"); 490 545 foreach ( $options as $option ) { 491 546 if ( 1 != $option->dupes ) { // Could this be done in the query? 492 547 $limit = $option->dupes - 1; 548 // @RawSQLUse, simple_code 493 549 $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) ); 494 550 $dupe_ids = join($dupe_ids, ','); 551 // @RawSQLUse, algorithmic 495 552 $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)"); 496 553 } 497 554 } … … 509 566 510 567 populate_roles_160(); 511 568 569 // @RawSQLUse, method_exists 512 570 $users = $wpdb->get_results("SELECT * FROM $wpdb->users"); 513 571 foreach ( $users as $user ) : 514 572 if ( !empty( $user->user_firstname ) ) … … 539 597 if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; 540 598 if ($idmode == 'namelf') $id = $user->user_lastname.' 
'.$user->user_firstname; 541 599 if (!$idmode) $id = $user->user_nickname; 600 // @RawSQLUse, method_exists 542 601 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); 543 602 endif; 544 603 … … 554 613 $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' ); 555 614 $wpdb->hide_errors(); 556 615 foreach ( $old_user_fields as $old ) 616 // @RawSQLUse, trivial_implementation 557 617 $wpdb->query("ALTER TABLE $wpdb->users DROP $old"); 558 618 $wpdb->show_errors(); 559 619 560 620 // populate comment_count field of posts table 621 // @RawSQLUse, simple_code 561 622 $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); 562 623 if( is_array( $comments ) ) { 563 624 foreach ($comments as $comment) { 625 // @RawSQLUse, method_exists 564 626 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); 565 627 } 566 628 } … … 568 630 // Some alpha versions used a post status of object instead of attachment and put 569 631 // the mime type in post_type instead of post_mime_type. 570 632 if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { 633 // @RawSQLUse, trivial_implementation 571 634 $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); 572 635 foreach ($objects as $object) { 636 // @RawSQLUse, method_exists 573 637 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', 574 638 post_mime_type = %s, 575 639 post_type = '' … … 592 656 593 657 if ( $wp_current_db_version < 3506 ) { 594 658 // Update status and type. 
659 // @RawSQLUse, trivial_implementation 595 660 $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); 596 661 597 662 if ( ! empty($posts) ) foreach ($posts as $post) { … … 605 670 $status = 'inherit'; 606 671 $type = 'attachment'; 607 672 } 608 673 // @RawSQLUse, method_exists 609 674 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); 610 675 } 611 676 } … … 617 682 if ( $wp_current_db_version < 3531 ) { 618 683 // Give future posts a post_status of future. 619 684 $now = gmdate('Y-m-d H:i:59'); 685 // @RawSQLUse, method_exists 620 686 $wpdb->query ("UPDATE $wpdb->posts SET post_status = 'future' WHERE post_status = 'publish' AND post_date_gmt > '$now'"); 621 687 688 // @RawSQLUse, method_exists 622 689 $posts = $wpdb->get_results("SELECT ID, post_date FROM $wpdb->posts WHERE post_status ='future'"); 623 690 if ( !empty($posts) ) 624 691 foreach ( $posts as $post ) … … 641 708 // Convert categories to terms. 642 709 $tt_ids = array(); 643 710 $have_tags = false; 711 // @RawSQLUse, simple_code 644 712 $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID"); 645 713 foreach ($categories as $category) { 646 714 $term_id = (int) $category->cat_ID; … … 651 719 $term_group = 0; 652 720 653 721 // Associate terms with the same slug in a term group and make slugs unique. 722 // @RawSQLUse, trivial_implementation 654 723 if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 655 724 $term_group = $exists[0]->term_group; 656 725 $id = $exists[0]->term_id; … … 658 727 do { 659 728 $alt_slug = $slug . 
"-$num"; 660 729 $num++; 730 // @RawSQLUse, trivial_implementation 661 731 $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); 662 732 } while ( $slug_check ); 663 733 664 734 $slug = $alt_slug; 665 735 666 736 if ( empty( $term_group ) ) { 737 // @RawSQLUse, simple_code 667 738 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; 739 // @RawSQLUse, method_exists 668 740 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); 669 741 } 670 742 } 671 743 // @RawSQLUse, method_exists 672 744 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES 673 745 (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); 674 746 … … 676 748 if ( !empty($category->category_count) ) { 677 749 $count = (int) $category->category_count; 678 750 $taxonomy = 'category'; 751 // @RawSQLUse, method_exists 679 752 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 680 753 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 681 754 } … … 683 756 if ( !empty($category->link_count) ) { 684 757 $count = (int) $category->link_count; 685 758 $taxonomy = 'link_category'; 759 // @RawSQLUse, method_exists 686 760 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 687 761 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 688 762 } … … 691 765 $have_tags = true; 692 766 $count = (int) $category->tag_count; 693 767 $taxonomy = 'post_tag'; 768 // @RawSQLUse, method_exists 694 769 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, 
%d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 695 770 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 696 771 } … … 698 773 if ( empty($count) ) { 699 774 $count = 0; 700 775 $taxonomy = 'category'; 776 // @RawSQLUse, method_exists 701 777 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 702 778 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 703 779 } … … 707 783 if ( $have_tags ) 708 784 $select .= ', rel_type'; 709 785 786 // @RawSQLUse, simple_code 710 787 $posts = $wpdb->get_results("SELECT $select FROM $wpdb->post2cat GROUP BY post_id, category_id"); 711 788 foreach ( $posts as $post ) { 712 789 $post_id = (int) $post->post_id; … … 717 794 $tt_id = $tt_ids[$term_id][$taxonomy]; 718 795 if ( empty($tt_id) ) 719 796 continue; 720 797 798 // @RawSQLUse, method_exists 721 799 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); 722 800 } 723 801 … … 728 806 $link_cat_id_map = array(); 729 807 $default_link_cat = 0; 730 808 $tt_ids = array(); 809 // @RawSQLUse, trivial_implementation 731 810 $link_cats = $wpdb->get_results("SELECT cat_id, cat_name FROM " . $wpdb->prefix . 'linkcategories'); 732 811 foreach ( $link_cats as $category) { 733 812 $cat_id = (int) $category->cat_id; … … 737 816 $term_group = 0; 738 817 739 818 // Associate terms with the same slug in a term group and make slugs unique. 
819 // @RawSQLUse, trivial_implementation 740 820 if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 741 821 $term_group = $exists[0]->term_group; 742 822 $term_id = $exists[0]->term_id; 743 823 } 744 824 745 825 if ( empty($term_id) ) { 826 // @RawSQLUse, method_exists 746 827 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); 747 828 $term_id = (int) $wpdb->insert_id; 748 829 } 749 830 750 831 $link_cat_id_map[$cat_id] = $term_id; 751 832 $default_link_cat = $term_id; 752 833 834 // @RawSQLUse, method_exists 753 835 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); 754 836 $tt_ids[$term_id] = (int) $wpdb->insert_id; 755 837 } 756 838 757 839 // Associate links to cats. 840 // @RawSQLUse, trivial_implementation 758 841 $links = $wpdb->get_results("SELECT link_id, link_category FROM $wpdb->links"); 759 842 if ( !empty($links) ) foreach ( $links as $link ) { 760 843 if ( 0 == $link->link_category ) … … 766 849 if ( empty($tt_id) ) 767 850 continue; 768 851 852 // @RawSQLUse, method_exists 769 853 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); 770 854 } 771 855 772 856 // Set default to the last category we grabbed during the upgrade loop. 
773 857 update_option('default_link_category', $default_link_cat); 774 858 } else { 859 // @RawSQLUse, simple_code 775 860 $links = $wpdb->get_results("SELECT link_id, category_id FROM $wpdb->link2cat GROUP BY link_id, category_id"); 776 861 foreach ( $links as $link ) { 777 862 $link_id = (int) $link->link_id; … … 781 866 if ( empty($tt_id) ) 782 867 continue; 783 868 869 // @RawSQLUse, method_exists 784 870 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); 785 871 } 786 872 } 787 873 788 874 if ( $wp_current_db_version < 4772 ) { 789 875 // Obsolete linkcategories table 876 // @RawSQLUse, trivial_implementation 790 877 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'linkcategories'); 791 878 } 792 879 793 880 // Recalculate all counts 881 // @RawSQLUse, trivial_implementation 794 882 $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); 795 883 foreach ( (array) $terms as $term ) { 796 884 if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) 885 // @RawSQLUse, simple_code 797 886 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); 798 887 else 888 // @RawSQLUse, simple_code 799 889 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); 890 // @RawSQLUse, method_exists 800 891 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); 801 892 } 802 893 } … … 811 902 $old_options_fields = array( 'option_can_override', 'option_type', 'option_width', 'option_height', 'option_description', 'option_admin_level' ); 812 903 
$wpdb->hide_errors(); 813 904 foreach ( $old_options_fields as $old ) 905 // @RawSQLUse, trivial_implementation 814 906 $wpdb->query("ALTER TABLE $wpdb->options DROP $old"); 815 907 $wpdb->show_errors(); 816 908 } … … 822 914 */ 823 915 function upgrade_230_old_tables() { 824 916 global $wpdb; 917 // @RawSQLUse, trivial_implementation 825 918 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'categories'); 919 // @RawSQLUse, trivial_implementation 826 920 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'link2cat'); 921 // @RawSQLUse, trivial_implementation 827 922 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'post2cat'); 828 923 } 829 924 … … 835 930 function upgrade_old_slugs() { 836 931 // upgrade people who were using the Redirect Old Slugs plugin 837 932 global $wpdb; 933 // @RawSQLUse, method_exists 838 934 $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '_wp_old_slug' WHERE meta_key = 'old_slug'"); 839 935 } 840 936 … … 872 968 function upgrade_252() { 873 969 global $wpdb; 874 970 971 // @RawSQLUse, method_exists 875 972 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); 876 973 } 877 974 … … 905 1002 906 1003 // Update post_date for unpublished posts with empty timestamp 907 1004 if ( $wp_current_db_version < 8921 ) 1005 // @RawSQLUse, method_exists 908 1006 $wpdb->query( "UPDATE $wpdb->posts SET post_date = post_modified WHERE post_date = '0000-00-00 00:00:00'" ); 909 1007 } 910 1008 … … 926 1024 */ 927 1025 function maybe_create_table($table_name, $create_ddl) { 928 1026 global $wpdb; 1027 // @RawSQLUse, trivial_implementation 929 1028 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 930 1029 if ($table == $table_name) { 931 1030 return true; … … 934 1033 //didn't find it try to create it. 935 1034 $q = $wpdb->query($create_ddl); 936 1035 // we cannot directly tell that whether this succeeded! 
1036 // @RawSQLUse, trivial_implementation 937 1037 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 938 1038 if ($table == $table_name) { 939 1039 return true; … … 956 1056 function drop_index($table, $index) { 957 1057 global $wpdb; 958 1058 $wpdb->hide_errors(); 1059 // @RawSQLUse, trivial_implementation 959 1060 $wpdb->query("ALTER TABLE `$table` DROP INDEX `$index`"); 960 1061 // Now we need to take out all the extra ones we may have created 961 1062 for ($i = 0; $i < 25; $i++) { 1063 // @RawSQLUse, trivial_implementation 962 1064 $wpdb->query("ALTER TABLE `$table` DROP INDEX `{$index}_$i`"); 963 1065 } 964 1066 $wpdb->show_errors(); … … 979 1081 function add_clean_index($table, $index) { 980 1082 global $wpdb; 981 1083 drop_index($table, $index); 1084 // @RawSQLUse, trivial_implementation 982 1085 $wpdb->query("ALTER TABLE `$table` ADD INDEX ( `$index` )"); 983 1086 return true; 984 1087 } … … 991 1094 */ 992 1095 function maybe_add_column($table_name, $column_name, $create_ddl) { 993 1096 global $wpdb, $debug; 1097 // @RawSQLUse, trivial_implementation 994 1098 foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { 995 1099 if ($debug) echo("checking $column == $column_name<br />"); 996 1100 if ($column == $column_name) { … … 1000 1104 //didn't find it try to create it. 1001 1105 $q = $wpdb->query($create_ddl); 1002 1106 // we cannot directly tell that whether this succeeded! 
1107 // @RawSQLUse, trivial_implementation 1003 1108 foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { 1004 1109 if ($column == $column_name) { 1005 1110 return true; … … 1017 1122 */ 1018 1123 function get_alloptions_110() { 1019 1124 global $wpdb; 1125 // @RawSQLUse, trivial_implementation 1020 1126 if ($options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options")) { 1021 1127 foreach ($options as $option) { 1022 1128 // "When trying to design a foolproof system, … … 1050 1156 return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); 1051 1157 } 1052 1158 1159 // @RawSQLUse, trivial_implementation 1053 1160 $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); 1054 1161 1055 1162 if ( 'home' == $setting && '' == $option ) … … 1137 1244 } 1138 1245 1139 1246 // Check to see which tables and fields exist 1247 // @RawSQLUse, trivial_implementation 1140 1248 if($tables = $wpdb->get_col('SHOW TABLES;')) { 1141 1249 // For every table in the database 1142 1250 foreach($tables as $table) { … … 1183 1291 } 1184 1292 1185 1293 // Fetch the table column structure from the database 1294 // @RawSQLUse, trivial_implementation 1186 1295 $tablefields = $wpdb->get_results("DESCRIBE {$table};"); 1187 1296 1188 1297 // For every field in the table … … 1229 1338 1230 1339 // Index stuff goes here 1231 1340 // Fetch the table index structure from the database 1341 // @RawSQLUse, trivial_implementation 1232 1342 $tableindices = $wpdb->get_results("SHOW INDEX FROM {$table};"); 1233 1343 1234 1344 if($tableindices) { -
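--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -437,6 +437,7 @@
 $comments = array();
 $start = 0;
 
+// @RawSQLUse, simple_code
 while ( count( $comments ) < 5 && $possible = $wpdb->get_results( "SELECT * FROM $wpdb->comments ORDER BY comment_date_gmt DESC LIMIT $start, 50" ) ) {
 
 foreach ( $possible as $comment ) {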
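--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -311,6 +311,7 @@
 // Set up a few options not to load by default
 $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
 foreach ($fatoptions as $fatoption) :
+// @RawSQLUse, method_exists
 $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
 endforeach;
 }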
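Review bot: The `method_exists` tag on the `UPDATE $wpdb->options` statement leaves `$fatoption` pasted straight into a quoted SQL literal; that is safe only because the value comes from the literal `$fatoptions` array two lines above. Since the tag already says a helper exists, the statement could bind the value instead: `$wpdb->update( $wpdb->options, array( 'autoload' => 'no' ), array( 'option_name' => $fatoption ) );`. If the raw form stays, a comment that the list must remain hard-coded would keep a later edit from feeding it external data. The enclosing function starts above the hunk.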
wp-admin/includes/comment.php
19 19 function comment_exists($comment_author, $comment_date) { 20 20 global $wpdb; 21 21 22 // @RawSQLUse, trivial_implementation 22 23 return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments 23 24 WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); 24 25 } … … 112 113 $post_id = array_map('intval', $post_id); 113 114 $post_id = "'" . implode("', '", $post_id) . "'"; 114 115 116 // @RawSQLUse, simple_code 115 117 $pending = $wpdb->get_results( "SELECT comment_post_ID, COUNT(comment_ID) as num_comments FROM $wpdb->comments WHERE comment_post_ID IN ( $post_id ) AND comment_approved = '0' GROUP BY comment_post_ID", ARRAY_N ); 116 118 117 119 if ( empty($pending) ) -
wp-admin/includes/template.php
1687 1687 // catch and repair bad pages 1688 1688 if ( $page->post_parent == $page->ID ) { 1689 1689 $page->post_parent = 0; 1690 // @RawSQLUse, method_exists 1690 1691 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) ); 1691 1692 clean_page_cache( $page->ID ); 1692 1693 } … … 1974 1975 $query = "FROM $wpdb->comments USE INDEX (comment_date_gmt) WHERE $approved $post $typesql"; 1975 1976 } 1976 1977 1978 // @RawSQLUse, algorithmic 1977 1979 $comments = $wpdb->get_results("SELECT * $query $orderby"); 1980 // @RawSQLUse, algorithmic 1978 1981 if ( '' === $total ) 1979 1982 $total = $wpdb->get_var("SELECT COUNT(comment_ID) $query"); 1980 1983 … … 2368 2371 function meta_form() { 2369 2372 global $wpdb; 2370 2373 $limit = (int) apply_filters( 'postmeta_form_limit', 30 ); 2374 // @RawSQLUse, algorithmic 2371 2375 $keys = $wpdb->get_col( " 2372 2376 SELECT meta_key 2373 2377 FROM $wpdb->postmeta … … 2526 2530 */ 2527 2531 function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) { 2528 2532 global $wpdb, $post_ID; 2533 // @RawSQLUse, simple_code 2529 2534 $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) ); 2530 2535 2531 2536 if ( $items ) { -
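Review bot: The `algorithmic` tags on `get_results("SELECT * $query $orderby")` and the `COUNT(comment_ID)` query after it do not record that `$approved`, `$post`, `$typesql` and `$orderby` are pasted into the statement unbound, and all four are built above the hunk. A reviewer working from the annotation alone cannot tell whether those fragments are cast or escaped where they are assembled, so the tag should say so, e.g. `// @RawSQLUse, algorithmic: fragments built above, each must be cast or escaped there`. The second tag also sits above `if ( '' === $total )` rather than on the `get_var` line it describes. The same gap applies to `$where` in wp-admin/includes/export.php.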
wp-admin/includes/user.php
197 197 function get_author_user_ids() { 198 198 global $wpdb; 199 199 $level_key = $wpdb->prefix . 'user_level'; 200 // @RawSQLUse, trivial_implementation 200 201 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); 201 202 } 202 203 … … 219 220 return false; 220 221 } else { 221 222 $editable = join(',', $editable); 223 // @RawSQLUse, simple_code 222 224 $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" ); 223 225 } 224 226 … … 250 252 251 253 $level_key = $wpdb->prefix . 'user_level'; 252 254 255 // @RawSQLUse, trivial_implementation 253 256 $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); 254 257 if ( $exclude_zeros ) 255 258 $query .= " AND meta_value != '0'"; … … 295 298 global $wpdb; 296 299 $level_key = $wpdb->prefix . 'user_level'; 297 300 301 // @RawSQLUse, trivial_implementation 298 302 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); 299 303 } 300 304 … … 323 327 $other_unpubs = ''; 324 328 } else { 325 329 $editable = join(',', $editable); 330 // @RawSQLUse, simple_code 326 331 $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) ); 327 332 } 328 333 … … 388 393 */ 389 394 function get_users_drafts( $user_id ) { 390 395 global $wpdb; 396 // @RawSQLUse, simple_code 391 397 $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id); 392 398 $query = apply_filters('get_users_drafts', $query); 393 399 return $wpdb->get_results( $query ); … … 413 419 $id = (int) $id; 414 420 415 421 if ($reassign 
== 'novalue') { 422 // @RawSQLUse, trivial_implementation 416 423 $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); 417 424 418 425 if ($post_ids) { … … 421 428 } 422 429 423 430 // Clean links 431 // @RawSQLUse, trivial_implementation 424 432 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); 425 433 } else { 426 434 $reassign = (int) $reassign; 435 // @RawSQLUse, method_exists 427 436 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); 437 // @RawSQLUse, method_exists 428 438 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) ); 429 439 } 430 440 431 441 // FINALLY, delete user 432 442 do_action('delete_user', $id); 433 443 444 // @RawSQLUse, trivial_implementation 434 445 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) ); 446 // @RawSQLUse, trivial_implementation 435 447 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) ); 436 448 437 449 wp_cache_delete($id, 'users'); … … 628 640 * 629 641 * @since unknown 630 642 * @access public 643 * @RawSQLUse, algorithmic 631 644 */ 632 645 function prepare_query() { 633 646 global $wpdb; … … 663 676 */ 664 677 function query() { 665 678 global $wpdb; 679 // @RawSQLUse, simple_code 666 680 $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_sort . $this->query_limit); 667 681 668 682 if ( $this->results ) 683 // @RawSQLUse, simple_code 669 684 $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit 670 685 else 671 686 $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!')); -
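Review bot: In `get_users_drafts()` the `simple_code` tag describes the prepared string, but the statement that reaches `get_results()` is whatever the `get_users_drafts` filter returns, so any callback can substitute different SQL. That makes this call site unlike the other `simple_code` entries and worth marking, for example `// @RawSQLUse, simple_code: query passes through the 'get_users_drafts' filter before execution`. A later move to a query helper would have to either keep that hook or drop it deliberately.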
wp-admin/includes/media.php
41 41 } 42 42 43 43 if ( intval($_REQUEST['post_id']) ) 44 // @RawSQLUse, simple_code 44 45 $attachments = intval($wpdb->get_var($wpdb->prepare("SELECT count(*) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $_REQUEST['post_id']))); 45 46 46 47 if ( empty($attachments) ) { … … 1716 1717 <div class="alignleft actions"> 1717 1718 <?php 1718 1719 1720 // @RawSQLUse, simple_code 1719 1721 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC"; 1720 1722 1721 1723 $arc_result = $wpdb->get_results( $arc_query ); -
wp-admin/includes/export.php
41 41 } 42 42 43 43 // grab a snapshot of post IDs, just in case it changes during the export 44 // @RawSQLUse, simple_code 44 45 $post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts $where ORDER BY post_date_gmt ASC"); 45 46 46 47 $categories = (array) get_categories('get=all'); … … 263 264 // fetch 20 posts at a time rather than loading the entire table into memory 264 265 while ( $next_posts = array_splice($post_ids, 0, 20) ) { 265 266 $where = "WHERE ID IN (".join(',', $next_posts).")"; 267 // @RawSQLUse, simple_code 266 268 $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_date_gmt ASC"); 267 269 foreach ($posts as $post) { 268 270 // Don't export revisions. They bloat the export. … … 296 298 <wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url> 297 299 <?php } ?> 298 300 <?php 301 // @RawSQLUse, trivial_implementation 299 302 $postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); 300 303 if ( $postmeta ) { 301 304 ?> … … 307 310 <?php } ?> 308 311 <?php } ?> 309 312 <?php 313 // @RawSQLUse, trivial_implementation 310 314 $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); 311 315 if ( $comments ) { foreach ( $comments as $c ) { ?> 312 316 <wp:comment> -
wp-admin/install-helper.php
73 73 */ 74 74 function maybe_create_table($table_name, $create_ddl) { 75 75 global $wpdb; 76 // @RawSQLUse, trivial_implementation 76 77 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 77 78 if ($table == $table_name) { 78 79 return true; … … 81 82 //didn't find it try to create it. 82 83 $wpdb->query($create_ddl); 83 84 // we cannot directly tell that whether this succeeded! 85 // @RawSQLUse, trivial_implementation 84 86 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 85 87 if ($table == $table_name) { 86 88 return true; … … 107 109 */ 108 110 function maybe_add_column($table_name, $column_name, $create_ddl) { 109 111 global $wpdb, $debug; 112 // @RawSQLUse, trivial_implementation 110 113 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 111 114 if ($debug) echo("checking $column == $column_name<br />"); 112 115 … … 117 120 //didn't find it try to create it. 118 121 $wpdb->query($create_ddl); 119 122 // we cannot directly tell that whether this succeeded! 123 // @RawSQLUse, trivial_implementation 120 124 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 121 125 if ($column == $column_name) { 122 126 return true; … … 141 145 */ 142 146 function maybe_drop_column($table_name, $column_name, $drop_ddl) { 143 147 global $wpdb; 148 // @RawSQLUse, trivial_implementation 144 149 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 145 150 if ($column == $column_name) { 146 151 //found it try to drop it. 147 152 $wpdb->query($drop_ddl); 148 153 // we cannot directly tell that whether this succeeded! 
154 // @RawSQLUse, trivial_implementation 149 155 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 150 156 if ($column == $column_name) { 151 157 return false; … … 189 195 function check_column($table_name, $col_name, $col_type, $is_null = null, $key = null, $default = null, $extra = null) { 190 196 global $wpdb, $debug; 191 197 $diffs = 0; 198 // @RawSQLUse, trivial_implementation 192 199 $results = $wpdb->get_results("DESC $table_name"); 193 200 194 201 foreach ($results as $row ) { -
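--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -77,6 +77,7 @@
 echo '<p><h3>'.__('Reading Bunny’s Technorati Tags…').'</h3></p>';
 
 // import Bunny's Keywords tags
+// @RawSQLUse, trivial_implementation
 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
 if ( !is_array($metakeys)) {
 echo '<p>' . __('No Tags Found!') . '</p>';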
wp-admin/import/jkw.php
92 92 echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>'; 93 93 94 94 // import Jerome's Keywords tags 95 // @RawSQLUse, trivial_implementation 95 96 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'"); 96 97 if ( !is_array($metakeys)) { 97 98 echo '<p>' . __('No Tags Found!') . '</p>'; … … 133 134 134 135 // import Jerome's Keywords tags 135 136 $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1); 137 // @RawSQLUse, trivial_implementation 136 138 $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename"); 137 139 if ( !is_array($metakeys) ) { 138 140 echo '<p>' . __('No Tags Found!') . '</p>'; … … 164 166 /* options from V2.0a (jeromes-keywords.php) */ 165 167 $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin'); 166 168 169 // @RawSQLUse, trivial_implementation 167 170 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1)); 168 171 169 172 foreach ( $options as $o ) -
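Review bot: The `trivial_implementation` tags on `SELECT post_id, tag_name FROM $tablename` and on the `DROP TABLE IF EXISTS` statement hide that the table name is taken from the stored option `jkeywords_keywords_table` and pasted in as an identifier, which `prepare()` cannot bind. Nothing in the hunks checks that the value is a plain identifier before it reaches a DROP, so the name should be validated first, e.g. `if ( ! preg_match( '/^\w+$/', $tablename ) )` followed by an early exit, and the tag should mention the option-derived name. The same pattern appears in wp-admin/import/dotclear.php (`$dbprefix` from `dcdbprefix`) and wp-admin/import/textpattern.php (`$prefix` from `tpre`). The enclosing methods start and end outside the hunks.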
wp-admin/import/dotclear.php
26 26 function get_comment_count($post_ID) 27 27 { 28 28 global $wpdb; 29 // @RawSQLUse, simple_code 29 30 return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 30 31 } 31 32 } … … 44 45 function link_exists($linkname) 45 46 { 46 47 global $wpdb; 48 // @RawSQLUse, trivial_implementation 47 49 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) ); 48 50 } 49 51 } … … 228 230 $dbprefix = get_option('dcdbprefix'); 229 231 230 232 // Get Categories 233 // @RawSQLUse, trivial_implementation 231 234 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A); 232 235 } 233 236 … … 241 244 242 245 // Get Users 243 246 247 // @RawSQLUse, trivial_implementation 244 248 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A); 245 249 } 246 250 … … 252 256 $dbprefix = get_option('dcdbprefix'); 253 257 254 258 // Get Posts 259 // @RawSQLUse, algorithmic 255 260 return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name 256 261 FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie 257 262 ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A); … … 266 271 $dbprefix = get_option('dcdbprefix'); 267 272 268 273 // Get Comments 274 // @RawSQLUse, trivial_implementation 269 275 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A); 270 276 } 271 277 … … 276 282 set_magic_quotes_runtime(0); 277 283 $dbprefix = get_option('dcdbprefix'); 278 284 285 // @RawSQLUse, simple_code 279 286 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A); 280 287 } 281 288 -
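--- a/wp-admin/import/stp.php
+++ b/wp-admin/import/stp.php
@@ -117,6 +117,7 @@
 function get_stp_posts ( ) {
 global $wpdb;
 // read in all the posts from the STP post->tag table: should be wp_post2tag
+// @RawSQLUse, trivial_implementation
 $posts_query = "SELECT post_id, tag_name FROM " . $wpdb->prefix . "stp_tags";
 $posts = $wpdb->get_results($posts_query);
 return $posts;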
wp-admin/import/wp-cat2tag.php
270 270 } 271 271 272 272 if ( $values ) { 273 // @RawSQLUse, simple_code 273 274 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 274 275 276 // @RawSQLUse, method_exists 275 277 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $category->count, $category->term_id) ); 276 278 } 277 279 … … 280 282 } 281 283 282 284 // if tag already exists, add it to all posts in the category 285 // @RawSQLUse, trivial_implementation 283 286 if ( $tag_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $category->term_id) ) ) { 284 287 $objects_ids = get_objects_in_term($category->term_id, 'category'); 285 288 $tag_ttid = (int) $tag_ttid; … … 289 292 $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tag_ttid, $term_order); 290 293 291 294 if ( $values ) { 295 // @RawSQLUse, simple_code 292 296 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 293 297 298 // @RawSQLUse, simple_code 294 299 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag_ttid) ); 300 // @RawSQLUse, method_exists 295 301 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $count, $category->term_id) ); 296 302 } 297 303 echo __('Tag added to all posts in this category.') . 
" *</li>\n"; … … 303 309 continue; 304 310 } 305 311 312 // @RawSQLUse, trivial_implementation 306 313 $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); 307 314 if ( $tt_ids ) { 315 // @RawSQLUse, simple_code 308 316 $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id"); 309 317 foreach ( (array) $posts as $post ) 310 318 clean_post_cache($post); 311 319 } 312 320 313 321 // Change the category to a tag. 322 // @RawSQLUse, method_exists 314 323 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); 315 324 316 325 // Set all parents to 0 (root-level) if their parent was the converted tag 326 // @RawSQLUse, method_exists 317 327 $parents = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) ); 318 328 319 329 if ( $parents ) $clear_parents = true; … … 366 376 if ( $tag = get_term( $tag_id, 'post_tag' ) ) { 367 377 printf('<li>' . __('Converting tag <strong>%s</strong> ... '), $tag->name); 368 378 379 // @RawSQLUse, trivial_implementation 369 380 if ( $cat_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $tag->term_id) ) ) { 370 381 $objects_ids = get_objects_in_term($tag->term_id, 'post_tag'); 371 382 $cat_ttid = (int) $cat_ttid; … … 377 388 } 378 389 379 390 if ( $values ) { 391 // @RawSQLUse, simple_code 380 392 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . 
" ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 381 393 382 394 if ( $default_cat != $tag->term_id ) { 395 // @RawSQLUse, simple_code 383 396 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag->term_id) ); 397 // @RawSQLUse, method_exists 384 398 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'category'", $count, $tag->term_id) ); 385 399 } 386 400 } … … 394 408 } 395 409 396 410 // Change the tag to a category. 411 // @RawSQLUse, trivial_implementation 397 412 $parent = $wpdb->get_var( $wpdb->prepare("SELECT parent FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); 398 413 if ( 0 == $parent || (0 < (int) $parent && $this->_category_exists($parent)) ) { 399 414 $reset_parent = ''; … … 401 416 } else 402 417 $reset_parent = ", parent = '0'"; 403 418 419 // @RawSQLUse, method_exists 404 420 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'category' $reset_parent WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); 405 421 406 422 $clean_term_cache[] = $tag->term_id; -
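Review bot: In the tag-to-category branch the count query tagged `simple_code` binds `$tag->term_id` to `term_taxonomy_id`, whereas the matching query in the category-to-tag branch binds `$tag_ttid`; a term id and a term_taxonomy id are different keys, so the stored count looks wrong whenever the two differ. `$cat_ttid` is in scope at that point, so the line probably should read `... WHERE term_taxonomy_id = %d", $cat_ttid) );`. Annotating the statement as it stands would carry the mismatch into any helper written from these tags. The enclosing methods continue outside the hunks.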
wp-admin/import/utw.php
187 187 global $wpdb; 188 188 189 189 // read in all the tags from the UTW tags table: should be wp_tags 190 // @RawSQLUse, trivial_implementation 190 191 $tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags"; 191 192 192 193 $tags = $wpdb->get_results($tags_query); … … 207 208 global $wpdb; 208 209 209 210 // read in all the posts from the UTW post->tag table: should be wp_post2tag 211 // @RawSQLUse, trivial_implementation 210 212 $posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag"; 211 213 212 214 $posts = $wpdb->get_results($posts_query); -
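--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -57,6 +57,7 @@
 
 function users_form($n) {
 global $wpdb;
+// @RawSQLUse, simple_code
 $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
 <option value="#NONE#"><?php _e('- Select -') ?></option>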
wp-admin/import/blogger.php
647 647 648 648 if ( !isset( $blog['authors'] ) ) { 649 649 $post_ids = array_values($blog['posts']); 650 // @RawSQLUse, algorithmic 650 651 $authors = (array) $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN (" . join( ',', $post_ids ) . ")"); 651 652 $blog['authors'] = array_map(null, $authors, array_fill(0, count($authors), $current_user->ID)); 652 653 $this->save_vars(); … … 685 686 $host = $this->blogs[$importing_blog]['host']; 686 687 687 688 // Get an array of posts => authors 689 // @RawSQLUse, trivial_implementation 688 690 $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) ); 689 691 $post_ids = join( ',', $post_ids ); 692 // @RawSQLUse, algorithmic 690 693 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)"); 691 694 foreach ( $results as $row ) 692 695 $authors_posts[$row->post_id] = $row->meta_value; … … 702 705 $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] ); 703 706 $post_ids = join( ',', $post_ids); 704 707 708 // @RawSQLUse, algorithmic 705 709 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) ); 706 710 $this->blogs[$importing_blog]['authors'][$author][1] = $user_id; 707 711 } … … 762 766 $this->revoke( $options['token'] ); 763 767 764 768 delete_option('blogger_importer'); 769 // @RawSQLUse, trivial_implementation 765 770 $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'"); 766 771 wp_redirect('?import=blogger'); 767 772 } -
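Review bot: The `algorithmic` tag on `... meta_key = 'blogger_author' AND post_id IN ($post_ids)` covers a statement that becomes `IN ()` when the preceding `get_col()` returns no rows, because `join( ',', array() )` is an empty string; MySQL rejects that and the `(array)` cast on the result then hides the failure. The ids are also joined without a cast, so the list should be normalised and the query skipped when it is empty: `$post_ids = array_filter( array_map( 'intval', $post_ids ) );` followed by an empty-list check before the `join()`. The `UPDATE ... WHERE id IN ($post_ids)` further down has the same shape. The enclosing methods start outside the hunks.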
wp-admin/import/textpattern.php
20 20 function get_comment_count($post_ID) 21 21 { 22 22 global $wpdb; 23 // @RawSQLUse, simple_code 23 24 return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 24 25 } 25 26 } … … 38 39 function link_exists($linkname) 39 40 { 40 41 global $wpdb; 42 // @RawSQLUse, trivial_implementation 41 43 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) ); 42 44 } 43 45 } … … 84 86 $prefix = get_option('tpre'); 85 87 86 88 // Get Categories 89 // @RawSQLUse, trivial_implementation 87 90 return $txpdb->get_results('SELECT 88 91 id, 89 92 name, … … 103 106 104 107 // Get Users 105 108 109 // @RawSQLUse, trivial_implementation 106 110 return $txpdb->get_results('SELECT 107 111 user_id, 108 112 name, … … 120 124 $prefix = get_option('tpre'); 121 125 122 126 // Get Posts 127 // @RawSQLUse, trivial_implementation 123 128 return $txpdb->get_results('SELECT 124 129 ID, 125 130 Posted, … … 147 152 $prefix = get_option('tpre'); 148 153 149 154 // Get Comments 155 // @RawSQLUse, trivial_implementation 150 156 return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A); 151 157 } 152 158 … … 157 163 set_magic_quotes_runtime(0); 158 164 $prefix = get_option('tpre'); 159 165 166 // @RawSQLUse, trivial_implementation 160 167 return $txpdb->get_results('SELECT 161 168 id, 162 169 date, -
wp-admin/import/wordpress.php
663 663 global $wpdb; 664 664 foreach ($this->url_remap as $from_url => $to_url) { 665 665 // remap urls in post_content 666 // @RawSQLUse, simple_code 666 667 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, '%s', '%s')", $from_url, $to_url) ); 667 668 // remap enclosure urls 669 // @RawSQLUse, simple_code 668 670 $result = $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = REPLACE(meta_value, '%s', '%s') WHERE meta_key='enclosure'", $from_url, $to_url) ); 669 671 } 670 672 } … … 677 679 $local_child_id = $this->post_ids_processed[$child_id]; 678 680 $local_parent_id = $this->post_ids_processed[$parent_id]; 679 681 if ($local_child_id and $local_parent_id) { 682 // @RawSQLUse, method_exists 680 683 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id)); 681 684 } 682 685 } -
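Review bot: Both `REPLACE(...)` updates tagged `simple_code` wrap their placeholders in quotes (`'%s'`) inside the `prepare()` format string, so the statements are only correct as long as `prepare()` tolerates already-quoted placeholders. Writing them bare, `REPLACE(post_content, %s, %s)` and `REPLACE(meta_value, %s, %s)`, leaves quoting to `prepare()` alone and matches the other `%s` placeholders in this patch.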
wp-admin/upload.php
20 20 21 21 if ( ! current_user_can('edit_posts') ) 22 22 wp_die( __('You are not allowed to scan for lost attachments.') ); 23 23 24 // @RawSQLUse, algorithmic 24 25 $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'"); 26 // @RawSQLUse, trivial_implementation 25 27 $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'"); 26 28 27 29 $lost = array(); … … 53 55 54 56 if ( ! empty($attach) ) { 55 57 $attach = implode(',', $attach); 58 // @RawSQLUse, algorithmic 56 59 $attached = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ($attach)", $parent_id) ); 57 60 } 58 61 … … 113 116 $page_links_total = ceil(count($lost) / 50); 114 117 $lost = implode(',', $lost); 115 118 119 // @RawSQLUse, algorithmic 116 120 $orphans = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'attachment' AND ID IN ($lost) LIMIT $start, 50" ); 117 121 } else { 118 122 $start = ( $_GET['paged'] - 1 ) * 25; 123 // @RawSQLUse, algorithmic 119 124 $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" ); 125 // @RawSQLUse, trivial_implementation 120 126 $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25); 121 127 } 122 128 … … 253 259 254 260 <?php 255 261 if ( ! is_singular() && ! isset($_GET['detached']) ) { 262 // @RawSQLUse, simple_code 256 263 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC"; 257 264 258 265 $arc_result = $wpdb->get_results( $arc_query ); -
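Review bot: `$start = ( $_GET['paged'] - 1 ) * 25;` feeds a request value into `LIMIT $start, 25` on the query tagged `algorithmic`; the arithmetic forces a number, but unless `paged` is normalised above the hunk a missing or zero value yields a negative offset and a failed query. Clamping at the point of use keeps the statement valid regardless: `$start = max( 0, ( (int) $_GET['paged'] - 1 ) * 25 );`. The `IN ($attach)` and `IN ($lost)` lists are likewise assembled outside the hunks, so the tags there should state that their elements are integer-cast.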
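--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -438,6 +438,7 @@
 <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">trackbacks and pingbacks</a> on this post') ?></label>
 </p>
 <?php
+// @RawSQLUse, algorithmic
 $total = $wpdb->get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID));
 
 if ( !$post_ID || $post_ID < 0 || 1 > $total )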
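Review bot: The tag on the `SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' ...` query is `algorithmic`, while the same single-table count in wp-admin/import/dotclear.php and wp-admin/import/textpattern.php (`get_comment_count`) is tagged `simple_code`; the categories need to be applied consistently if the annotations are going to drive a refactor. The placeholder is also quoted as `'%d'`, unlike the other `%d` uses in the patch, and would read better bare: `comment_post_ID = %d`.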
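--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -200,6 +200,7 @@
 
 <?php // view filters
 if ( !is_singular() ) {
+// @RawSQLUse, simple_code
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC";
 
 $arc_result = $wpdb->get_results( $arc_query );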
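--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -95,6 +95,7 @@
 <input type='hidden' name='option_page' value='options' />
 <table class="form-table">
 <?php
+// @RawSQLUse, simple_code
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
 foreach ( (array) $options as $option) :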
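--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -58,6 +58,7 @@
 }
 $all_links = join(',', $linkcheck);
 // should now have an array of links we can change
+// @RawSQLUse, algorithmic
 //$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
 wp_redirect($this_file);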
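Review bot: The added `// @RawSQLUse, algorithmic` tag annotates a statement that is commented out (`//$q = $wpdb->query("update $wpdb->links ...")`), so it marks SQL that never runs and will be counted by anything that collects these tags. Either drop the tag or delete the dead line; if the query is ever revived, `$category` and `$all_links` are interpolated directly and would need `prepare()` and integer casts first.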
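--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -39,6 +39,7 @@
 <select name="author" id="author">
 <option value="all" selected="selected"><?php _e('All Authors'); ?></option>
 <?php
+// @RawSQLUse, simple_code
 $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
 foreach ( $authors as $id ) {
 $o = get_userdata( $id );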
wp-admin/edit-pages.php
277 277 278 278 if ( 1 == count($posts) && is_singular() ) : 279 279 280 // @RawSQLUse, algorithmic 280 281 $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) ); 281 282 if ( $comments ) : 282 283 // Make sure comments, post, and post_author are cached