
Ticket #6836: wordpress-trunk_20090124_sqlannotations.diff

File wordpress-trunk_20090124_sqlannotations.diff, 130.9 KB (added by noroute, 16 years ago)

My patch marks/annotates all uses of inline SQL outside of wp-db. It includes the cases where a raw SQL update/insert is used instead of the existing methods in wp-db (search for "@RawSQLUse, method_exists"). Also see the discussion on wp-hackers (search for "Making WP more secure the evolutionary way").

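--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {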
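--- a/wp-login.php
+++ b/wp-login.php
@@ -133,12 +133,14 @@
         else if ( is_wp_error($allow) )
                 return $allow;
 
+        // @RawSQLUse, trivial_implementation
         $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
         if ( empty($key) ) {
                 // Generate something random for a key...
                 $key = wp_generate_password(20, false);
                 do_action('retrieve_password_key', $user_login, $key);
                 // Now insert the new md5 key into the db
+                // @RawSQLUse, method_exists
                 $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
         }
         $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
@@ -169,6 +171,7 @@
         if ( empty( $key ) )
                 return new WP_Error('invalid_key', __('Invalid key'));
 
+        // @RawSQLUse, trivial_implementation
         $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
         if ( empty( $user ) )
                 return new WP_Error('invalid_key', __('Invalid key'));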
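Review bot: The `// @RawSQLUse, method_exists` annotation above the `UPDATE $wpdb->users` query records that a wp-db replacement exists but not which one, so the follow-up conversion still needs someone to work it out. I would name the method in the tag, e.g. `// @RawSQLUse, method_exists: $wpdb->update()`; the equivalent call here would presumably be `$wpdb->update( $wpdb->users, array( 'user_activation_key' => $key ), array( 'user_login' => $user_login ) );`. The context comment directly above says an "md5 key" is inserted, while the visible lines store the `wp_generate_password(20, false)` value as generated and the second hunk looks the user up by that stored value, so the reset key appears to be persisted unhashed and the comment should be corrected when this query is touched. Both enclosing functions start and end outside the hunks.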
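--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -248,6 +248,7 @@
         $taxonomies = "'" . implode("', '", $taxonomies) . "'";
         $terms = "'" . implode("', '", $terms) . "'";
 
+        // @RawSQLUse, algorithmic
         $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($terms) ORDER BY tr.object_id $order");
 
         if ( ! $object_ids )
@@ -317,6 +318,7 @@
                         $term = $term->term_id;
                 $term = (int) $term;
                 if ( ! $_term = wp_cache_get($term, $taxonomy) ) {
+                        // @RawSQLUse, algorithmic
                         $_term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.term_id = %s LIMIT 1", $taxonomy, $term) );
                         wp_cache_add($term, $_term, $taxonomy);
                 }
@@ -386,6 +388,7 @@
                 $value = (int) $value;
         }
 
+        // @RawSQLUse, algorithmic
         $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) );
         if ( !$term )
                 return false;
@@ -590,6 +593,7 @@
  * @param string|array $args The values of what to search for when returning terms
  * @return array|WP_Error List of Term Objects and their children. Will return WP_Error, if any of $taxonomies do not exist.
  */
+
 function &get_terms($taxonomies, $args = '') {
         global $wpdb;
         $empty_array = array();
@@ -759,6 +763,7 @@
         else if ( 'names' == $fields )
                 $select_this = 't.term_id, tt.parent, tt.count, t.name';
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit";
 
         $terms = $wpdb->get_results($query);
@@ -839,7 +844,9 @@
 function is_term($term, $taxonomy = '') {
         global $wpdb;
 
+        // @RawSQLUse, algorithmic
         $select = "SELECT term_id FROM $wpdb->terms as t WHERE ";
+        // @RawSQLUse, algorithmic
         $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE ";
 
         if ( is_int($term) ) {
@@ -859,15 +866,17 @@
         $else_where = 't.name = %s';
 
         if ( !empty($taxonomy) ) {
+                // @RawSQLUse, algorithmic
                 if ( $result = $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $slug, $taxonomy), ARRAY_A) )
                         return $result;
-
+                // @RawSQLUse, algorithmic
                 return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A);
         }
-
+        // @RawSQLUse, algorithmic
         if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) )
                 return $result;
 
+        // @RawSQLUse, algorithmic
         return $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $else_where", $term) );
 }
 
@@ -1017,6 +1026,7 @@
         if ( $ignore_empty )
                 $where = 'AND count > 0';
 
+        // @RawSQLUse, simple_code
         return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
 }
 
@@ -1046,6 +1056,7 @@
         foreach ( (array) $taxonomies as $taxonomy ) {
                 $tt_ids = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
                 $in_tt_ids = "'" . implode("', '", $tt_ids) . "'";
+                // @RawSQLUse, algorithmic
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_tt_ids)", $object_id) );
                 wp_update_term_count($tt_ids, $taxonomy);
         }
@@ -1106,6 +1117,7 @@
                 $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) );
         }
 
+        // @RawSQLUse, trivial_implementation
         $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) );
 
         foreach ( (array) $objects as $object ) {
@@ -1118,10 +1130,13 @@
                 wp_set_object_terms($object, $terms, $taxonomy);
         }
 
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) );
 
         // Delete the term if no taxonomies use it.
+        // @RawSQLUse, simple_code
         if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) )
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) );
 
         clean_term_cache($term, $taxonomy);
@@ -1164,6 +1179,7 @@
  * @param array|string $args Change what is returned
  * @return array|WP_Error The requested term data or empty array if no terms found. WP_Error if $taxonomy does not exist.
  */
+
 function wp_get_object_terms($object_ids, $taxonomies, $args = array()) {
         global $wpdb;
 
@@ -1225,6 +1241,7 @@
         else if ( 'all_with_object_id' == $fields )
                 $select_this = 't.*, tt.*, tr.object_id';
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tr.object_id IN ($object_ids) ORDER BY $orderby $order";
 
         if ( 'all' == $fields || 'all_with_object_id' == $fields ) {
@@ -1233,6 +1250,7 @@
         } else if ( 'ids' == $fields || 'names' == $fields ) {
                 $terms = array_merge($terms, $wpdb->get_col($query));
         } else if ( 'tt_ids' == $fields ) {
+                // @RawSQLUse, algorithmic
                 $terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id IN ($object_ids) AND tt.taxonomy IN ($taxonomies) ORDER BY tr.term_taxonomy_id $order");
         }
 
@@ -1322,13 +1340,16 @@
 
         $term_group = 0;
         if ( $alias_of ) {
+                // @RawSQLUse, trivial_implementation
                 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
                 if ( $alias->term_group ) {
                         // The alias we want is already in a group, so let's use that one.
                         $term_group = $alias->term_group;
                 } else {
                         // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
+                        // @RawSQLUse, simple_code
                         $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
+                        // @RawSQLUse, method_exists
                         $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) );
                 }
         }
@@ -1351,6 +1372,7 @@
                 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
         }
 
+        // @RawSQLUse, algorithmic
         $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id ) );
 
         if ( !empty($tt_id) )
@@ -1423,6 +1445,7 @@
                 $tt_id = $term_info['term_taxonomy_id'];
                 $tt_ids[] = $tt_id;
 
+                // @RawSQLUse, trivial_implementation
                 if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) )
                         continue;
                 $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) );
@@ -1434,6 +1457,7 @@
                 $delete_terms = array_diff($old_tt_ids, $tt_ids);
                 if ( $delete_terms ) {
                         $in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
+                        // @RawSQLUse, algorithmic
                         $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
                         wp_update_term_count($delete_terms, $taxonomy);
                 }
@@ -1448,6 +1472,7 @@
                         if ( in_array($tt_id, $final_tt_ids) )
                                 $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tt_id, ++$term_order);
                 if ( $values )
+                        // @RawSQLUse, simple_code
                         $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
         }
 
@@ -1498,8 +1523,10 @@
 
         // If we didn't get a unique slug, try appending a number to make it unique.
         if ( !empty($args['term_id']) )
+                // @RawSQLUse, algorithmic
                 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] );
         else
+                // @RawSQLUse, trivial_implementation
                 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug );
 
         if ( $wpdb->get_var( $query ) ) {
@@ -1507,6 +1534,7 @@
                 do {
                         $alt_slug = $slug . "-$num";
                         $num++;
+                        // @RawSQLUse, trivial_implementation
                         $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) );
                 } while ( $slug_check );
                 $slug = $alt_slug;
@@ -1586,18 +1614,21 @@
         }
 
         if ( $alias_of ) {
+                // @RawSQLUse, trivial_implementation
                 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
                 if ( $alias->term_group ) {
                         // The alias we want is already in a group, so let's use that one.
                         $term_group = $alias->term_group;
                 } else {
                         // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
+                        // @RawSQLUse, simple_code
                         $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
                         $wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) );
                 }
         }
 
         // Check for duplicate slug
+        // @RawSQLUse, trivial_implementation
         $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) );
         if ( $id && ($id != $term_id) ) {
                 // If an empty slug was passed or the parent changed, reset the slug to something unique.
@@ -1615,6 +1646,7 @@
                 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
         }
 
+        // @RawSQLUse, algorithmic
         $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) );
 
         $wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) );
@@ -1717,6 +1749,7 @@
         } else {
                 // Default count updater
                 foreach ( (array) $terms as $term) {
+                        // @RawSQLUse, simple_code
                         $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term) );
                         $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );
                 }
@@ -1785,6 +1818,7 @@
         // If no taxonomy, assume tt_ids.
         if ( empty($taxonomy) ) {
                 $tt_ids = implode(', ', $ids);
+                // @RawSQLUse, algorithmic
                 $terms = $wpdb->get_results("SELECT term_id, taxonomy FROM $wpdb->term_taxonomy WHERE term_taxonomy_id IN ($tt_ids)");
                 foreach ( (array) $terms as $term ) {
                         $taxonomies[] = $term->taxonomy;
@@ -2053,6 +2087,7 @@
         }
 
         // Get the object and term ids and stick them in a lookup table
+        // @RawSQLUse, algorithmic
         $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'");
         foreach ( $results as $row ) {
                 $id = $term_ids[$row->term_taxonomy_id];
@@ -2099,6 +2134,7 @@
         global $wpdb;
 
         foreach ( (array) $terms as $term ) {
+                // @RawSQLUse, simple_code
                 $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term ) );
                 $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );
         }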
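Review bot: The `algorithmic` tag is used both for queries that bind every value through `$wpdb->prepare()` placeholders and for queries that splice PHP variables straight into the SQL text, so the annotation hides the distinction that matters most for an injection review. In this file the spliced cases include the `get_col()` call with `IN ($taxonomies) ... IN ($terms) ... $order`, the `$field = %s` column name inside `prepare()`, the `get_terms()` string built from `$in_taxonomies $where ... $orderby $order $limit`, the `IN ($in_tt_ids)` and `IN ($in_delete_terms)` deletes, both `wp_get_object_terms()` queries and `IN ($tt_ids)`. Whether those variables are validated or escaped is decided outside the visible hunks. I would give these statements their own marker, for example `// @RawSQLUse, algorithmic, interpolated: $taxonomies, $terms, $order`, so a search lists every query whose safety depends on upstream sanitising. Separately, the two tags on `$select` and `$tax_select` in `is_term()` mark string assignments rather than query calls, while the same SQL is tagged again at the four calls below them.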
  • wp-includes/post.php

     
    224224                        $post = $post->ID;
    225225                $post = (int) $post;
    226226                if ( ! $_post = wp_cache_get($post, 'posts') ) {
     227                        // @RawSQLUse, simple_code
    227228                        $_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post));
    228229                        if ( ! $_post )
    229230                                return $null;
     
    424425        global $wpdb;
    425426
    426427        $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db');
     428        // @RawSQLUse, method_exists
    427429        $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) );
    428430
    429431        if ( 'page' == $post_type )
     
    519521        // expected_slashed ($meta_key)
    520522        $meta_key = stripslashes($meta_key);
    521523
     524        // @RawSQLUse, trivial_implementation
    522525        if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
    523526                return false;
    524527
     
    559562        $meta_value = maybe_serialize( stripslashes_deep($meta_value) );
    560563
    561564        if ( empty( $meta_value ) )
     565                // @RawSQLUse, trivial_implementation
    562566                $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
    563567        else
     568                // @RawSQLUse, trivial_implementation
    564569                $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
    565570
    566571        if ( !$meta_id )
    567572                return false;
    568573
    569574        if ( empty( $meta_value ) )
     575                // @RawSQLUse, trivial_implementation
    570576                $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) );
    571577        else
     578                // @RawSQLUse, trivial_implementation
    572579                $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) );
    573580
    574581        wp_cache_delete($post_id, 'post_meta');
     
    637644        // expected_slashed ($meta_key)
    638645        $meta_key = stripslashes($meta_key);
    639646
     647        // @RawSQLUse, trivial_implementation
    640648        if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) {
    641649                return add_post_meta($post_id, $meta_key, $meta_value);
    642650        }
     
    667675 */
    668676function delete_post_meta_by_key($post_meta_key) {
    669677        global $wpdb;
     678        // @RawSQLUse, trivial_implementation
    670679        if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) {
    671680                /** @todo Get post_ids and delete cache */
    672681                // wp_cache_delete($post_id, 'post_meta');
     
    950959
    951960        $cache_key = $type;
    952961
     962        // @RawSQLUse, simple_code
    953963        $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s";
    954964        if ( 'readable' == $perm && is_user_logged_in() ) {
    955965                if ( !current_user_can("read_private_{$type}s") ) {
     
    9941004        global $wpdb;
    9951005
    9961006        $and = wp_post_mime_type_where( $mime_type );
     1007        // @RawSQLUse, simple_code
    9971008        $count = $wpdb->get_results( "SELECT post_mime_type, COUNT( * ) AS num_posts FROM $wpdb->posts WHERE post_type = 'attachment' $and GROUP BY post_mime_type", ARRAY_A );
    9981009
    9991010        $stats = array( );
     
    11011112function wp_delete_post($postid = 0) {
    11021113        global $wpdb, $wp_rewrite;
    11031114
     1115        // @RawSQLUse, trivial_implementation
    11041116        if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) )
    11051117                return $post;
    11061118
     
    11271139                }
    11281140
    11291141                // Point children of this page to its parent, also clean the cache of affected children
     1142                // @RawSQLUse, trivial_implementation
    11301143                $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid);
    11311144                $children = $wpdb->get_results($children_query);
    11321145
     
    11361149        }
    11371150
    11381151        // Do raw query.  wp_get_post_revisions() is filtered
     1152        // @RawSQLUse, trivial_implementation
    11391153        $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) );
    11401154        // Use wp_delete_post (via wp_delete_post_revision) again.  Ensures any meta/misplaced data gets cleaned up.
    11411155        foreach ( $revision_ids as $revision_id )
     
    11441158        // Point all attachments to this post up one level
    11451159        $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) );
    11461160
     1161        // @RawSQLUse, trivial_implementation
    11471162        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid ));
    11481163
     1164        // @RawSQLUse, trivial_implementation
    11491165        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid ));
    11501166
     1167        // @RawSQLUse, trivial_implementation
    11511168        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid ));
    11521169
    11531170        if ( 'page' == $post->post_type ) {
     
    12581275                $limit = "LIMIT $num";
    12591276        }
    12601277
     1278        // @RawSQLUse, simple_code
    12611279        $sql = "SELECT * FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC $limit";
    12621280        $result = $wpdb->get_results($sql,ARRAY_A);
    12631281
     
    14671485                $post_password = '';
    14681486
    14691487        if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) {
     1488                // @RawSQLUse, algorithmic
    14701489                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent));
    14711490
    14721491                if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {
    14731492                        $suffix = 2;
    14741493                        do {
    14751494                                $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix";
     1495                                // @RawSQLUse, algorithmic
    14761496                                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_type, $post_ID, $post_parent));
    14771497                                $suffix++;
    14781498                        } while ($post_name_check);
     
    15001520                // If there is a suggested ID, use it if not already present
    15011521                if ( !empty($import_id) ) {
    15021522                        $import_id = (int) $import_id;
     1523                        // @RawSQLUse, trivial_implementation
    15031524                        if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) {
    15041525                                $data['ID'] = $import_id;
    15051526                        }
     
    18141835 */
    18151836function add_ping($post_id, $uri) {
    18161837        global $wpdb;
     1838        // @RawSQLUse, trivial_implementation
    18171839        $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id ));
    18181840        $pung = trim($pung);
    18191841        $pung = preg_split('/\s/', $pung);
     
    18631885 */
    18641886function get_pung($post_id) {
    18651887        global $wpdb;
     1888        // @RawSQLUse, trivial_implementation
    18661889        $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id ));
    18671890        $pung = trim($pung);
    18681891        $pung = preg_split('/\s/', $pung);
     
    18811904 */
    18821905function get_to_ping($post_id) {
    18831906        global $wpdb;
     1907        // @RawSQLUse, trivial_implementation
    18841908        $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id ));
    18851909        $to_ping = trim($to_ping);
    18861910        $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY);
     
    19351959        global $wpdb;
    19361960
    19371961        if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) {
     1962                // @RawSQLUse, trivial_implementation
    19381963                $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'");
    19391964                wp_cache_add('all_page_ids', $page_ids, 'posts');
    19401965        }
     
    19882013        foreach( (array) $page_paths as $pathdir)
    19892014                $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir);
    19902015
     2016        // @RawSQLUse, algorithmic
    19912017        $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND (post_type = 'page' OR post_type = 'attachment')", $leaf_path ));
    19922018
    19932019        if ( empty($pages) )
     
    19972023                $path = '/' . $leaf_path;
    19982024                $curpage = $page;
    19992025                while ($curpage->post_parent != 0) {
     2026                        // @RawSQLUse, trivial_implementation
    20002027                        $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent ));
    20012028                        $path = '/' . $curpage->post_name . $path;
    20022029                }
     
    20202047 */
    20212048function get_page_by_title($page_title, $output = OBJECT) {
    20222049        global $wpdb;
     2050        // @RawSQLUse, trivial_implementation
    20232051        $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title ));
    20242052        if ( $page )
    20252053                return get_page($page, $output);
     
    21142142 *
    21152143 * @param mixed $args Optional. Array or string of options that overrides defaults.
    21162144 * @return array List of pages matching defaults or $args
     2145 * @RawSQLUse, algorithmic
    21172146 */
     2147
    21182148function &get_pages($args = '') {
    21192149        global $wpdb;
    21202150
     
    22212251        if ( $parent >= 0 )
    22222252                $where .= $wpdb->prepare(' AND post_parent = %d ', $parent);
    22232253
     2254        // @RawSQLUse, algorithmic
    22242255        $query = "SELECT * FROM $wpdb->posts $join WHERE (post_type = 'page' AND post_status = 'publish') $where ";
    22252256        $query .= $author_query;
    22262257        $query .= " ORDER BY " . $sort_column . " " . $sort_order ;
     
    23742405                $post_name = sanitize_title($post_name);
    23752406
    23762407        // expected_slashed ($post_name)
     2408        // @RawSQLUse, algorithmic
    23772409        $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID));
    23782410
    23792411        if ($post_name_check) {
     
    23812413                while ($post_name_check) {
    23822414                        $alt_post_name = $post_name . "-$suffix";
    23832415                        // expected_slashed ($alt_post_name, $post_name)
     2416                        // @RawSQLUse, algorithmic
    23842417                        $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent));
    23852418                        $suffix++;
    23862419                }
     
    24372470                // If there is a suggested ID, use it if not already present
    24382471                if ( !empty($import_id) ) {
    24392472                        $import_id = (int) $import_id;
     2473                        // @RawSQLUse, trivial_implementation
    24402474                        if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) {
    24412475                                $data['ID'] = $import_id;
    24422476                        }
     
    24842518function wp_delete_attachment($postid) {
    24852519        global $wpdb;
    24862520
     2521        // @RawSQLUse, trivial_implementation
    24872522        if ( !$post = $wpdb->get_row(  $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) )
    24882523                return $post;
    24892524
     
    24982533        /** @todo Delete for pluggable post taxonomies too */
    24992534        wp_delete_object_term_relationships($postid, array('category', 'post_tag'));
    25002535
     2536        // @RawSQLUse, trivial_implementation
    25012537        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid ));
    25022538
     2539        // @RawSQLUse, trivial_implementation
    25032540        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid ));
    25042541
     2542        // @RawSQLUse, trivial_implementation
    25052543        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid ));
    25062544
    25072545        $uploadPath = wp_upload_dir();
    25082546
    25092547        if ( ! empty($meta['thumb']) ) {
    25102548                // Don't delete the thumb if another attachment uses it
     2549                // @RawSQLUse, algorithmic
    25112550                if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) {
    25122551                        $thumbfile = str_replace(basename($file), $meta['thumb'], $file);
    25132552                        $thumbfile = apply_filters('wp_delete_file', $thumbfile);
     
    28322871 *
    28332872 * @param string $post_type currently only supports 'post' or 'page'.
    28342873 * @return string SQL code that can be added to a where clause.
     2874 * @RawSQLUse, algorithmic
    28352875 */
     2876
    28362877function get_private_posts_cap_sql($post_type) {
    28372878        global $user_ID;
    28382879        $cap = '';
     
    28942935        if ( !isset($cache_lastpostdate[$blog_id][$timezone]) ) {
    28952936                switch(strtolower($timezone)) {
    28962937                        case 'gmt':
     2938                                // @RawSQLUse, simple_code
    28972939                                $lastpostdate = $wpdb->get_var("SELECT post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
    28982940                                break;
    28992941                        case 'blog':
     2942                                // @RawSQLUse, simple_code
    29002943                                $lastpostdate = $wpdb->get_var("SELECT post_date FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
    29012944                                break;
    29022945                        case 'server':
     2946                                // @RawSQLUse, simple_code
    29032947                                $lastpostdate = $wpdb->get_var("SELECT DATE_ADD(post_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1");
    29042948                                break;
    29052949                }
     
    29332977        if ( !isset($cache_lastpostmodified[$blog_id][$timezone]) ) {
    29342978                switch(strtolower($timezone)) {
    29352979                        case 'gmt':
     2980                                // @RawSQLUse, simple_code
    29362981                                $lastpostmodified = $wpdb->get_var("SELECT post_modified_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
    29372982                                break;
    29382983                        case 'blog':
     2984                                // @RawSQLUse, simple_code
    29392985                                $lastpostmodified = $wpdb->get_var("SELECT post_modified FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
    29402986                                break;
    29412987                        case 'server':
     2988                                // @RawSQLUse, simple_code
    29422989                                $lastpostmodified = $wpdb->get_var("SELECT DATE_ADD(post_modified_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1");
    29432990                                break;
    29442991                }
     
    30033050
    30043051        do_action('clean_post_cache', $id);
    30053052
     3053        // @RawSQLUse, trivial_implementation
    30063054        if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) {
    30073055                foreach( $children as $cid )
    30083056                        clean_post_cache( $cid );
     
    31193167        // Get post-meta info
    31203168        $id_list = join(',', $ids);
    31213169        $cache = array();
     3170        // @RawSQLUse, algorithmic
    31223171        if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN ($id_list)", ARRAY_A) ) {
    31233172                foreach ( (array) $meta_list as $metarow) {
    31243173                        $mpid = (int) $metarow['post_id'];
     
    32833332                return;
    32843333
    32853334        $id = $_post->ancestors[] = $_post->post_parent;
     3335        // @RawSQLUse, simple_code
    32863336        while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
    32873337                if ( $id == $ancestor )
    32883338                        break;
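--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -80,12 +80,14 @@
                         $domain = $uri['host'];
                         $uri = parse_url( get_option('home') );
                         $home_domain = $uri['host'];
+                        // @RawSQLUse, algorithmic
                         if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
                                 return true;
                         else
                                 return false;
                 } elseif ( $author != '' && $email != '' ) {
                         // expected_slashed ($author, $email)
+                        // @RawSQLUse, simple_code
                         $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
                         if ( ( 1 == $ok_to_comment ) &&
                                 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
@@ -110,6 +112,7 @@
  */
 function get_approved_comments($post_id) {
         global $wpdb;
+        // @RawSQLUse, simple_code
         return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id));
 }
 
@@ -145,6 +148,7 @@
                 if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) {
                         $_comment = & $GLOBALS['comment'];
                 } elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) {
+                        // @RawSQLUse, simple_code
                         $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment));
                         wp_cache_add($_comment->comment_ID, $_comment, 'comment');
                 }
@@ -231,6 +235,7 @@
         else
                 $post_where = '';
 
+        // @RawSQLUse, algorithmic
         $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE $post_where $approved ORDER BY $orderby $order $number" );
         wp_cache_add( $cache_key, $comments, 'comment' );
 
@@ -281,12 +286,15 @@
 
         switch ( strtolower($timezone)) {
                 case 'gmt':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
                         break;
                 case 'blog':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
                         break;
                 case 'server':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server));
                         break;
         }
@@ -319,6 +327,7 @@
                 $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
         }
 
+        // @RawSQLUse, simple_code
         $totals = (array) $wpdb->get_results("
                 SELECT comment_approved, COUNT( * ) AS total
                 FROM {$wpdb->comments}
@@ -418,6 +427,7 @@
         if ( $user_id ) {
                 $userdata = get_userdata($user_id);
                 $user = new WP_User($user_id);
+                // @RawSQLUse, simple_code
                 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
         }
 
@@ -459,6 +469,7 @@
         global $wpdb;
         if ( current_user_can( 'manage_options' ) )
                 return; // don't throttle admins
+        // @RawSQLUse, algorithmic
         if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) {
                 $time_lastcomment = mysql2date('U', $lasttime);
                 $time_newcomment  = mysql2date('U', $date);
@@ -592,6 +603,7 @@
         $comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : '';
 
         // Count comments older than this one
+        // @RawSQLUse, algorithmic
         $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) );
 
         // No older comments? Then it's page #1.
@@ -692,6 +704,7 @@
         if( $post_id > 0 )
                 $where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id );
 
+        // @RawSQLUse, simple_code
         $count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A );
 
         $total = 0;
@@ -736,6 +749,7 @@
 
         $comment = get_comment($comment_id);
 
+        // @RawSQLUse, trivial_implementation
         if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) )
                 return false;
 
@@ -878,6 +892,7 @@
         if ( ! isset($comment_type) )
                 $comment_type = '';
 
+        // @RawSQLUse, method_exists
         $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments
         (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
         VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)",
@@ -1016,9 +1031,11 @@
 
         switch ( $comment_status ) {
                 case 'hold':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         break;
                 case 'approve':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         if ( get_option('comments_notify') ) {
                                 $comment = get_comment($comment_id);
@@ -1026,6 +1043,7 @@
                         }
                         break;
                 case 'spam':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         break;
                 case 'delete':
@@ -1091,6 +1109,7 @@
         else if ( 'approve' == $comment_approved )
                 $comment_approved = 1;
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET
                         comment_content      = %s,
                         comment_author       = %s,
@@ -1205,7 +1224,9 @@
                 return false;
 
         $old = (int) $post->comment_count;
+        // @RawSQLUse, trivial_implementation
         $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) );
 
         if ( 'page' == $post->post_type )
@@ -1291,18 +1312,23 @@
         global $wpdb;
 
         // Do pingbacks
+        // @RawSQLUse, simple_code
         while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
                 pingback($ping->post_content, $ping->ID);
         }
 
         // Do Enclosures
+        // @RawSQLUse, simple_code
         while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) );
                 do_enclose($enclosure->post_content, $enclosure->ID);
         }
 
         // Do Trackbacks
+        // @RawSQLUse, algorithmic
         $trackbacks = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE to_ping <> '' AND post_status = 'publish'");
         if ( is_array($trackbacks) )
                 foreach ( $trackbacks as $trackback )
@@ -1323,10 +1349,12 @@
 function do_trackbacks($post_id) {
         global $wpdb;
 
+        // @RawSQLUse, trivial_implementation
         $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) );
         $to_ping = get_to_ping($post_id);
         $pinged  = get_pung($post_id);
         if ( empty($to_ping) ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
                 return;
         }
@@ -1348,6 +1376,7 @@
                                 trackback($tb_ping, $post_title, $excerpt, $post_id);
                                 $pinged[] = $tb_ping;
                         } else {
+                                // @RawSQLUse, simple_code
                                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
                         }
                 }
@@ -1501,7 +1530,9 @@
                 return;
 
         $tb_url = addslashes( $trackback_url );
+        // @RawSQLUse, simple_code
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
+        // @RawSQLUse, simple_code
         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
 }
 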
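Review bot: The `simple_code` tag at new line 90 labels a query that interpolates `$author` and `$email` straight into the SQL string and relies only on the `expected_slashed` convention, yet fully prepared queries such as the one at new line 115 carry the same tag. The annotation should record that difference so a later audit can find unbound values, for example `// @RawSQLUse, simple_code, unprepared ($author, $email interpolated; expected_slashed)`. The same applies at new lines 1317 (`{$ping->ID}`), 1379 (`$tb_ping`) and 1533/1535 (`$tb_url`), where a variable is embedded in the string even though `prepare()` is called for the ID. Most of the enclosing functions start outside these hunks, so earlier escaping is visible only for `$tb_url` (`addslashes`); the others should be confirmed against the full file.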
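--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -331,6 +331,7 @@
                         if ( defined( 'WP_INSTALLING' ) )
                                 $suppress = $wpdb->suppress_errors();
                         // expected_slashed ($setting)
+                        // @RawSQLUse, simple_code
                         $row = $wpdb->get_row( "SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1" );
                         if ( defined( 'WP_INSTALLING' ) )
                                 $wpdb->suppress_errors($suppress);
@@ -407,7 +408,9 @@
 function get_alloptions() {
         global $wpdb;
         $show = $wpdb->hide_errors();
+        // @RawSQLUse, trivial_implementation
         if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) )
+                // @RawSQLUse, trivial_implementation
                 $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" );
         $wpdb->show_errors($show);
 
@@ -441,7 +444,9 @@
 
         if ( !$alloptions ) {
                 $suppress = $wpdb->suppress_errors();
+                // @RawSQLUse, trivial_implementation
                 if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) )
+                        // @RawSQLUse, trivial_implementation
                         $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" );
                 $wpdb->suppress_errors($suppress);
                 $alloptions = array();
@@ -514,6 +519,7 @@
                 wp_cache_set( $option_name, $newvalue, 'options' );
         }
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) );
         if ( $wpdb->rows_affected == 1 ) {
                 do_action( "update_option_{$option_name}", $oldvalue, $_newvalue );
@@ -581,6 +587,7 @@
                 wp_cache_set( 'notoptions', $notoptions, 'options' );
         }
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) );
 
         do_action( "add_option_{$name}", $name, $value );
@@ -604,10 +611,12 @@
 
         // Get the ID, if no ID then return
         // expected_slashed ($name)
+        // @RawSQLUse, trivial_implementation
         $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" );
         if ( is_null($option) || !$option->option_id )
                 return false;
         // expected_slashed ($name)
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" );
         if ( 'yes' == $option->autoload ) {
                 $alloptions = wp_load_alloptions();
@@ -987,6 +996,7 @@
         }
 
         foreach ( (array) $post_links as $url ) {
+                // @RawSQLUse, algorithmic
                 if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) {
                         if ( $headers = wp_get_http_headers( $url) ) {
                                 $len = (int) $headers['content-length'];
@@ -994,6 +1004,7 @@
                                 $allowed_types = array( 'video', 'audio' );
                                 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
                                         $meta_value = "$url\n$len\n$type\n";
+                                        // @RawSQLUse, method_exists
                                         $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
                                         VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) );
                                 }
@@ -1537,6 +1548,7 @@
                 return true;
 
         $suppress = $wpdb->suppress_errors();
+        // @RawSQLUse, trivial_implementation
         $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" );
         $wpdb->suppress_errors($suppress);
 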
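Review bot: At new lines 413 and 449 the annotation sits between a brace-less `if ( !$options = ... )` / `if ( !$alloptions_db = ... )` and the single statement it guards, so a later edit that adds a line next to the comment would silently change what the `if` controls. I would put one comment above the `if` covering both queries, e.g. `// @RawSQLUse, trivial_implementation (autoload query and its unfiltered fallback)`, or add braces around the fallback statement. The same placement occurs in wp-includes/user.php at new lines 268, 271 and 308.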
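--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -814,10 +814,13 @@
 
         /** @todo Use API instead of SELECTs. */
         if ( $user_ID) {
+                // @RawSQLUse, algorithmic
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) )  ORDER BY comment_date", $post->ID, $user_ID));
         } else if ( empty($comment_author) ) {
+                // @RawSQLUse, simple_code
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID));
         } else {
+                // @RawSQLUse, algorithmic
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email));
         }
 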
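Review bot: The query tagged `simple_code` at new line 820 is the same statement that `get_approved_comments()` runs in wp-includes/comment.php (same table, same `comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date`), so the tag should point at that function instead of classifying the query as standalone code: `// @RawSQLUse, simple_code (duplicates get_approved_comments())`. That matches the existing `@todo Use API instead of SELECTs` above the block and gives the follow-up refactoring a concrete target. The enclosing function starts and ends outside this hunk.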
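--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -108,6 +108,7 @@
         global $wpdb;
         if ( !$user )
                 $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
+                // @RawSQLUse, trivial_implementation
         return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }
 
@@ -123,6 +124,7 @@
 function get_usernumposts($userid) {
         global $wpdb;
         $userid = (int) $userid;
+        // @RawSQLUse, trivial_implementation
         $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
         return apply_filters('get_usernumposts', $count, $userid);
 }
@@ -232,6 +234,7 @@
         global $wpdb, $blog_id;
         if ( empty($id) )
                 $id = (int) $blog_id;
+        // @RawSQLUse, simple_code
         $users = $wpdb->get_results( "SELECT user_id, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "capabilities' ORDER BY {$wpdb->usermeta}.user_id" );
         return $users;
 }
@@ -262,8 +265,10 @@
         $meta_value = trim( $meta_value );
 
         if ( ! empty($meta_value) )
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) );
         else
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 
         wp_cache_delete($user_id, 'users');
@@ -300,8 +305,10 @@
                 if ( false !== $user && isset($user->$meta_key) )
                         $metas = array($user->$meta_key);
                 else
+                        // @RawSQLUse, trivial_implementation
                         $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
         } else {
+                // @RawSQLUse, trivial_implementation
                 $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
         }
 
@@ -352,12 +359,15 @@
                 return delete_usermeta($user_id, $meta_key);
         }
 
+        // @RawSQLUse, trivial_implementation
         $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
         if ( !$cur ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
                 VALUES
                 ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
         } else if ( $cur->meta_value != $meta_value ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
         } else {
                 return false;
@@ -458,6 +468,7 @@
         $r = wp_parse_args( $args, $defaults );
         extract( $r, EXTR_SKIP );
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT * FROM $wpdb->users";
 
         $query_where = array();
@@ -529,6 +540,7 @@
         global $wpdb;
 
         $show = $wpdb->hide_errors();
+        // @RawSQLUse, trivial_implementation
         $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID));
         $wpdb->show_errors($show);
 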
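Review bot: `trivial_implementation` at new line 111 understates the query it annotates: `$field` is interpolated into the SELECT list as a column name, which `prepare()` cannot bind, and the hunk does not show it being checked against a fixed set of columns. I would tag it `// @RawSQLUse, simple_code ($field interpolated as column name; must be a fixed identifier)` so an audit does not skip it. The comment is also indented as if it belonged to the brace-less `if ( !$user )` above it, while the `return` it describes is unconditional; align it with the `return`. The function's opening line is outside the hunk.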
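--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1922,6 +1922,7 @@
                         $taxonomy_field = $item == 'tag_slug__and' ? 'slug' : 'term_id';
 
                         $q[$item] = array_unique($q[$item]);
+                        // @RawSQLUse, algorithmic
                         $tsql = "SELECT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->term_relationships tr ON (p.ID = tr.object_id) INNER JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) INNER JOIN $wpdb->terms t ON (tt.term_id = t.term_id)";
                         $tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')";
                         $tsql .= " GROUP BY p.ID HAVING count(p.ID) = " . count($q[$item]);
@@ -2186,6 +2187,7 @@
                                 $cgroupby = apply_filters('comment_feed_groupby', $cgroupby);
                         }
 
+                        // @RawSQLUse, algorithmic
                         $this->comments = (array) $wpdb->get_results("SELECT $distinct $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere $cgroupby ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss'));
                         $this->comment_count = count($this->comments);
 
@@ -2242,6 +2244,7 @@
                 if ( !empty($limits) )
                         $found_rows = 'SQL_CALC_FOUND_ROWS';
 
+                // @RawSQLUse, algorithmic
                 $this->request = " SELECT $found_rows $distinct $fields FROM $wpdb->posts $join WHERE 1=1 $where $groupby $orderby $limits";
                 if ( !$q['suppress_filters'] )
                         $this->request = apply_filters('posts_request', $this->request);
@@ -2254,6 +2257,7 @@
                 if ( !empty($this->posts) && $this->is_comment_feed && $this->is_singular ) {
                         $cjoin = apply_filters('comment_feed_join', '');
                         $cwhere = apply_filters('comment_feed_where', "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'");
+                        // @RawSQLUse, algorithmic
                         $comments_request = "SELECT $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss');
                         $this->comments = $wpdb->get_results($comments_request);
                         $this->comment_count = count($this->comments);
@@ -2323,6 +2327,7 @@
                         // Fetch sticky posts that weren't in the query results
                         if ( !empty($sticky_posts) ) {
                                 $stickies__in = implode(',', array_map( 'absint', $sticky_posts ));
+                                // @RawSQLUse, algorithmic
                                 $stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in)" );
                                 /** @todo Make sure post is published or viewable by the current user */
                                 foreach ( $stickies as $sticky_post ) {
@@ -2615,6 +2620,7 @@
         if ( is_404() && '' != $wp_query->query_vars['name'] ) :
                 global $wpdb;
 
+                // @RawSQLUse, simple_code
                 $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'";
 
                 // if year, monthnum, or day have been specified, make our query more precise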
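--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -32,6 +32,7 @@
                 if ( isset($GLOBALS['link']) && ($GLOBALS['link']->link_id == $bookmark) ) {
                         $_bookmark = & $GLOBALS['link'];
                 } elseif ( ! $_bookmark = wp_cache_get($bookmark, 'bookmark') ) {
+                        // @RawSQLUse, simple_code
                         $_bookmark = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->links WHERE link_id = %d LIMIT 1", $bookmark));
                         $_bookmark->link_category = array_unique( wp_get_object_terms($_bookmark->link_id, 'link_category', 'fields=ids') );
                         wp_cache_add($_bookmark->link_id, $_bookmark, 'bookmark');
@@ -241,6 +242,7 @@
         if ( $hide_invisible )
                 $visible = "AND link_visible = 'Y'";
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT * $length $recently_updated_test $get_updated FROM $wpdb->links $join WHERE 1=1 $visible $category_query";
         $query .= " $exclusions $inclusions $search";
         $query .= " ORDER BY $orderby $order";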
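--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -900,6 +900,7 @@
         $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare("WHERE p.post_date $op %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories );
         $sort  = apply_filters( "get_{$adjacent}_post_sort", "ORDER BY p.post_date $order LIMIT 1" );
 
+        // @RawSQLUse, algorithmic
         return $wpdb->get_row("SELECT p.* FROM $wpdb->posts AS p $join $where $sort");
 }
 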
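--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -472,9 +472,11 @@
         $return = '';
 
         /** @todo Move select to get_authors(). */
+        // @RawSQLUse, algorithmic
         $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
 
         $author_count = array();
+        // @RawSQLUse, simple_code
         foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author") as $row) {
                 $author_count[$row->post_author] = $row->count;
         }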
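--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -782,6 +782,7 @@
                 global $wpdb;
 
                 //get pages in order of hierarchy, i.e. children after parents
+                // @RawSQLUse, trivial_implementation
                 $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'"));
                 //now reverse it, because we need parents after children for rewrite rules to work properly
                 $posts = array_reverse($posts, true);
@@ -795,6 +796,7 @@
                 foreach ($posts as $id => $post) {
                         // URL => page name
                         $uri = get_page_uri($id);
+                        // @RawSQLUse, trivial_implementation
                         $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id ));
                         if ( $attachments ) {
                                 foreach ( $attachments as $attachment ) {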
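--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -422,6 +422,7 @@
         }
         if ( !empty($author_name) ) {
                 // We do a direct query here because we don't cache by nicename.
+                // @RawSQLUse, trivial_implementation
                 $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name));
         }
 
@@ -510,6 +511,7 @@
 
         if ( intval($p) || '' != $name ) {
                 if ( !$p )
+                // @RawSQLUse, trivial_implementation
                         $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name));
                 $post = & get_post($p);
                 $title = $post->post_title;
@@ -760,6 +762,7 @@
         $output = '';
 
         if ( 'monthly' == $type ) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -781,6 +784,7 @@
                         }
                 }
         } elseif ('yearly' == $type) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -802,6 +806,7 @@
                         }
                 }
         } elseif ( 'daily' == $type ) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, DAYOFMONTH(post_date) AS `dayofmonth`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date), DAYOFMONTH(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -825,6 +830,7 @@
                 }
         } elseif ( 'weekly' == $type ) {
                 $start_of_week = get_option('start_of_week');
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT WEEK(post_date, $start_of_week) AS `week`, YEAR(post_date) AS yr, DATE_FORMAT(post_date, '%Y-%m-%d') AS yyyymmdd, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY WEEK(post_date, $start_of_week), YEAR(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -855,6 +861,7 @@
                 }
         } elseif ( ( 'postbypost' == $type ) || ('alpha' == $type) ) {
                 $orderby = ('alpha' == $type) ? "post_title ASC " : "post_date DESC ";
+                // @RawSQLUse, algorithmic
                 $query = "SELECT * FROM $wpdb->posts $join $where ORDER BY $orderby $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -927,6 +934,7 @@
         ob_start();
         // Quick check. If we have no posts at all, abort!
         if ( !$posts ) {
+                // @RawSQLUse, simple_code
                 $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' ORDER BY post_date DESC LIMIT 1");
                 if ( !$gotsome )
                         return;
@@ -946,6 +954,7 @@
                 // We need to get the month from MySQL
                 $thisyear = ''.intval(substr($m, 0, 4));
                 $d = (($w - 1) * 7) + 6; //it seems MySQL's weeks disagree with PHP's
+                // @RawSQLUse, simple_code
                 $thismonth = $wpdb->get_var("SELECT DATE_FORMAT((DATE_ADD('${thisyear}0101', INTERVAL $d DAY) ), '%m')");
         } elseif ( !empty($m) ) {
                 $thisyear = ''.intval(substr($m, 0, 4));
@@ -961,12 +970,14 @@
         $unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear);
 
         // Get the next and previous month and year with at least one post
+        // @RawSQLUse, algorithmic
         $previous = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
                 FROM $wpdb->posts
                 WHERE post_date < '$thisyear-$thismonth-01'
                 AND post_type = 'post' AND post_status = 'publish'
                         ORDER BY post_date DESC
                         LIMIT 1");
+        // @RawSQLUse, algorithmic
         $next = $wpdb->get_row("SELECT  DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
                 FROM $wpdb->posts
                 WHERE post_date >       '$thisyear-$thismonth-01'
@@ -1024,6 +1035,7 @@
         <tr>';
 
         // Get days with posts
+        // @RawSQLUse, algorithmic
         $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
                 FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
                 AND YEAR(post_date) = '$thisyear'
@@ -1043,6 +1055,7 @@
                 $ak_title_separator = ', ';
 
         $ak_titles_for_day = array();
+        // @RawSQLUse, algorithmic
         $ak_post_titles = $wpdb->get_results("SELECT post_title, DAYOFMONTH(post_date) as dom "
                 ."FROM $wpdb->posts "
                 ."WHERE YEAR(post_date) = '$thisyear' "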
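Review bot: In the second hunk the annotation added at new line 514 lands between `if ( !$p )` and the single statement it guards, and is indented as a sibling of the `if` rather than of that statement. PHP skips comments, so the guard still applies, but the brace-less `if` now reads as if it controls nothing, and a statement later added under the comment would silently become the conditional one. Put the tag above the condition instead: `// @RawSQLUse, trivial_implementation` followed by `if ( !$p )`. The same placement inside a brace-less `if` appears in wp-includes/deprecated.php (new line 1123) and wp-admin/includes/post.php (new lines 421 and 425).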
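--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -68,6 +68,7 @@
 
         if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) {
 
+                // @RawSQLUse, trivial_implementation
                 $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) );
 
                 if ( isset($vars[0]) && $vars = $vars[0] ) {
@@ -328,6 +329,7 @@
         if ( get_query_var('day') )
                 $where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day'));
 
+        // @RawSQLUse, algorithmic
         $post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'");
         if ( !$post_id )
                 return false;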
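--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -1120,6 +1120,7 @@
         _deprecated_function(__FUNCTION__, '0.0' );
 
         if ( $count )
+                // @RawSQLUse, trivial_implementation
                 $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links");
 
         $javascript = "<a href=\"#\" onclick=\"javascript:window.open('$file?popup=1', '_blank', 'width=$width,height=$height,scrollbars=yes,status=no'); return false\">";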
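--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -130,6 +130,7 @@
         if ( $user )
                 return $user;
 
+        // @RawSQLUse, simple_code
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
                 return false;
 
@@ -164,6 +165,7 @@
         if ( false !== $user )
                 return $user;
 
+        // @RawSQLUse, trivial_implementation
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) )
                 return false;
 
@@ -194,6 +196,7 @@
         if ( false !== $user )
                 return $user;
 
+        // @RawSQLUse, trivial_implementation
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) )
                 return false;
 
@@ -1002,10 +1005,13 @@
         if( get_option( "moderation_notify" ) == 0 )
                 return true;
 
+        // @RawSQLUse, simple_code
         $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
+        // @RawSQLUse, simple_code
         $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
 
         $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
+        // @RawSQLUse, simple_code
         $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
 
         switch ($comment->comment_type)
@@ -1455,6 +1461,7 @@
         global $wpdb;
 
         $hash = wp_hash_password($password);
+        // @RawSQLUse, method_exists
         $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
         $wpdb->query($query);
         wp_cache_delete($user_id, 'users');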
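Review bot: Nothing in these hunks defines the tag vocabulary, and it is applied unevenly: the prepared single-row lookup at new line 134 is tagged `simple_code`, while the near-identical prepared lookups at new lines 169 and 200 are tagged `trivial_implementation`. Only `method_exists` is explained, and only in the ticket description. A short legend comment stating what each of `trivial_implementation`, `simple_code`, `algorithmic` and `method_exists` means, kept with the wpdb class, would let a later auditor rely on the tags when deciding which queries to review first.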
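--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -1390,6 +1390,7 @@
                 $number = 15;
 
         if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) {
+                // @RawSQLUse, simple_code
                 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT $number");
                 wp_cache_add( 'recent_comments', $comments, 'widget' );
         }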
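--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -715,8 +715,10 @@
                 $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts';
 
                 // shouldn't these be using get_option() ?
+                // @RawSQLUse, trivial_implementation
                 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) )
                         add_option($cache_option, '', '', 'no');
+                // @RawSQLUse, trivial_implementation
                 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) )
                         add_option($cache_timestamp, '', '', 'no');
 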
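--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -765,6 +765,7 @@
                 do_action('xmlrpc_call', 'wp.getPageList');
 
                 // Get list of pages ids and titles
+                // @RawSQLUse, simple_code
                 $page_list = $wpdb->get_results("
                         SELECT ID page_id,
                                 post_title page_title,
@@ -2273,10 +2274,12 @@
                 global $wpdb;
 
                 // find any unattached files
+                // @RawSQLUse, trivial_implementation
                 $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" );
                 if( is_array( $attachments ) ) {
                         foreach( $attachments as $file ) {
                                 if( strpos( $post_content, $file->guid ) !== false ) {
+                                        // @RawSQLUse, method_exists
                                         $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
                                 }
                         }
@@ -2852,6 +2855,7 @@
 
                 if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
                         // Get postmeta info on the object.
+                        // @RawSQLUse, trivial_implementation
                         $old_file = $wpdb->get_row("
                                 SELECT ID
                                 FROM {$wpdb->posts}
@@ -3126,6 +3130,7 @@
                         return new IXR_Error(404, __('Sorry, no such post.'));
                 }
 
+                // @RawSQLUse, trivial_implementation
                 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
                 if (!$comments) {
@@ -3250,6 +3255,7 @@
                         } elseif (is_string($urltest['fragment'])) {
                                 // ...or a string #title, a little more complicated
                                 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
+                                // @RawSQLUse, trivial_implementation
                                 $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
                                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                                         // returning unknown error '0' is better than die()ing
@@ -3279,6 +3285,7 @@
                         return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
 
                 // Let's check that the remote site didn't already pingback this entry
+                // @RawSQLUse, trivial_implementation
                 $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) );
 
                 if ( $wpdb->num_rows ) // We already have a Pingback from this URL
@@ -3394,6 +3401,7 @@
                         return new IXR_Error(32, __('The specified target URL does not exist.'));
                 }
 
+                // @RawSQLUse, trivial_implementation
                 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
                 if (!$comments) {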
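--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -97,6 +97,7 @@
         $comment_content = "<strong>$title</strong>\n\n$excerpt";
         $comment_type = 'trackback';
 
+        // @RawSQLUse, trivial_implementation
         $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
         if ( $dupe )
                 trackback_response(1, 'We already have a ping from that URL for this post.');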
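--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -18,6 +18,7 @@
 if ( !get_option('use_linksupdate') )
         wp_die(__('Feature disabled.'));
 
+// @RawSQLUse, trivial_implementation
 $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links");
 
 if ( !$link_uris )
@@ -50,6 +51,7 @@
 foreach ($returns as $return) :
         $time = substr($return, 0, 19);
         $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return);
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) );
 endforeach;
 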
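--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -153,6 +153,7 @@
                         $go_delete = true;
                 }
         }
+        // @RawSQLUse, simple_code
         $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
         $user_dropdown = '<select name="reassign_user">';
         foreach ( (array) $all_logins as $login )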
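--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -19,6 +19,7 @@
 
         $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
         if ( current_user_can('moderate_comments')) {
+        // @RawSQLUse, algorithmic
                 $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
         } else {
                 $deleted_spam = 0;
@@ -34,6 +35,7 @@
         $deleted = $approved = $unapproved = $spammed = 0;
         foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each
                 $comment_id = (int) $comment_id;
+                // @RawSQLUse, trivial_implementation
                 $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) );
 
                 if ( !current_user_can('edit_post', $_post_id) )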
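--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -59,6 +59,7 @@
         if ( strlen( $s ) < 2 )
                 die; // require 2 chars for matching
 
+    // @RawSQLUse, algorithmic
         $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
 
         echo join( $results, "\n" );
@@ -606,6 +607,7 @@
         if ( !current_user_can( 'edit_post', $comment_post_ID ) )
                 die('-1');
 
+        // @RawSQLUse, trivial_implementation
         $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
         if ( empty($status) )
@@ -1085,6 +1087,7 @@
         if ( count($search_terms) > 1 && $search_terms[0] != $s )
                 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
 
+        // @RawSQLUse, simple_code
         $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
 
         if ( ! $posts )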
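Review bot: The tags at new lines 62 and 1090 do not record that these two queries are assembled by string interpolation rather than `$wpdb->prepare()`: `$taxonomy` and `$s` go straight into the first statement, `$what` and `$search` into the last, whereas the middle hunk's lookup is prepared. Where those variables are set, and whether they are escaped first, lies outside the hunks, so this is a reading of the visible lines only. If the annotations are meant to steer a security audit, that distinction is the one an auditor needs most; consider a suffix such as `// @RawSQLUse, algorithmic, unprepared` on both. The comment at new line 62 is also indented less than the statement it annotates.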
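--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -83,6 +83,7 @@
 
         wp_delete_object_term_relationships( $link_id, 'link_category' );
 
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->links WHERE link_id = %d", $link_id ) );
 
         do_action( 'deleted_link', $link_id );
@@ -186,6 +187,7 @@
         }
 
         if ( $update ) {
+                // @RawSQLUse, method_exists
                 if ( false === $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_url = %s,
                         link_name = %s, link_image = %s, link_target = %s,
                         link_visible = %s, link_description = %s, link_rating = %s,
@@ -197,6 +199,7 @@
                                 return 0;
                 }
         } else {
+                // @RawSQLUse, method_exists
                 if ( false === $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                 $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss ) ) ) {
                         if ( $wp_error )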
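--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -257,6 +257,7 @@
         }
 
         if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
+                // @RawSQLUse, trivial_implementation
                 $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
                 $children = array();
 
@@ -417,9 +418,11 @@
                 $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
 
         if (!empty ($title))
+                // @RawSQLUse, trivial_implementation
                 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
         else
                 if (!empty ($content))
+                        // @RawSQLUse, trivial_implementation
                         return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
 
         return 0;
@@ -566,6 +569,7 @@
 
                 wp_cache_delete($post_ID, 'post_meta');
 
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
                 return $wpdb->insert_id;
         }
@@ -584,9 +588,11 @@
         global $wpdb;
         $mid = (int) $mid;
 
+        // @RawSQLUse, trivial_implementation
         $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
         wp_cache_delete($post_id, 'post_meta');
 
+        // @RawSQLUse, trivial_implementation
         return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 }
 
@@ -600,6 +606,7 @@
 function get_meta_keys() {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         $keys = $wpdb->get_col( "
                         SELECT meta_key
                         FROM $wpdb->postmeta
@@ -621,6 +628,7 @@
         global $wpdb;
         $mid = (int) $mid;
 
+        // @RawSQLUse, trivial_implementation
         $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
         if ( is_serialized_string( $meta->meta_value ) )
                 $meta->meta_value = maybe_unserialize( $meta->meta_value );
@@ -640,6 +648,7 @@
 function has_meta( $postid ) {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
                         FROM $wpdb->postmeta WHERE post_id = %d
                         ORDER BY meta_key,meta_id", $postid), ARRAY_A );
@@ -664,6 +673,7 @@
         if ( in_array($meta_key, $protected) )
                 return false;
 
+        // @RawSQLUse, trivial_implementation
         $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
         wp_cache_delete($post_id, 'post_meta');
 
@@ -743,6 +753,7 @@
         global $wpdb;
         $old_ID = (int) $old_ID;
         $new_ID = (int) $new_ID;
+        // @RawSQLUse, method_exists
         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
 }
 
@@ -818,6 +829,7 @@
 function get_available_post_mime_types($type = 'attachment') {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
         return $types;
 }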
  • wp-admin/includes/upgrade.php

     
    9595        // Default category
    9696        $cat_name = $wpdb->escape(__('Uncategorized'));
    9797        $cat_slug = sanitize_title(_c('Uncategorized|Default category slug'));
     98        // @RawSQLUse, method_exists
    9899        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
     100        // @RawSQLUse, method_exists
    99101        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')");
    100102
    101103        // Default link category
    102104        $cat_name = $wpdb->escape(__('Blogroll'));
    103105        $cat_slug = sanitize_title(_c('Blogroll|Default link category slug'));
     106        // @RawSQLUse, method_exists
    104107        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')");
     108        // @RawSQLUse, method_exists
    105109        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')");
    106110
    107111        // Now drop in some default links
     112        // @RawSQLUse, method_exists
    108113        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');");
     114        // @RawSQLUse, method_exists
    109115        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" );
    110116
     117        // @RawSQLUse, method_exists
    111118        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');");
     119        // @RawSQLUse, method_exists
    112120        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" );
    113121
     122        // @RawSQLUse, method_exists
    114123        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest Ideas', 0, '', '');");
     124        // @RawSQLUse, method_exists
    115125        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" );
    116126
     127        // @RawSQLUse, method_exists
    117128        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');");
     129        // @RawSQLUse, method_exists
    118130        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" );
    119131
     132        // @RawSQLUse, method_exists
    120133        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');");
     134        // @RawSQLUse, method_exists
    121135        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" );
    122136
     137        // @RawSQLUse, method_exists
    123138        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');");
     139        // @RawSQLUse, method_exists
    124140        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" );
    125141
     142        // @RawSQLUse, method_exists
    126143        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');");
     144        // @RawSQLUse, method_exists
    127145        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" );
    128146
    129147        // First post
    130148        $now = date('Y-m-d H:i:s');
    131149        $now_gmt = gmdate('Y-m-d H:i:s');
    132150        $first_post_guid = get_option('home') . '/?p=1';
     151        // @RawSQLUse, method_exists
    133152        $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')");
     153        // @RawSQLUse, method_exists
    134154        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" );
    135155
    136156        // Default comment
     157        // @RawSQLUse, method_exists
    137158        $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')");
    138159
    139160        // First Page
    140161        $first_post_guid = get_option('home') . '/?page_id=2';
     162        // @RawSQLUse, method_exists
    141163        $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')");
    142164}
    143165endif;
     
    292314        global $wpdb;
    293315
    294316        // Get the title and ID of every post, post_name to check if it already has a value
     317        // @RawSQLUse, trivial_implementation
    295318        $posts = $wpdb->get_results("SELECT ID, post_title, post_name FROM $wpdb->posts WHERE post_name = ''");
    296319        if ($posts) {
    297320                foreach($posts as $post) {
    298321                        if ('' == $post->post_name) {
    299322                                $newtitle = sanitize_title($post->post_title);
     323                                // @RawSQLUse, method_exists
    300324                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) );
    301325                        }
    302326                }
    303327        }
    304328
     329        // @RawSQLUse, trivial_implementation
    305330        $categories = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename FROM $wpdb->categories");
    306331        foreach ($categories as $category) {
    307332                if ('' == $category->category_nicename) {
    308333                        $newtitle = sanitize_title($category->cat_name);
     334                        // @RawSQLUse, method_exists
    309335                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
    310336                }
    311337        }
    312338
     339        // @RawSQLUse, algorithmic
    313340        $wpdb->query("UPDATE $wpdb->options SET option_value = REPLACE(option_value, 'wp-links/links-images/', 'wp-images/links/')
    314341        WHERE option_name LIKE 'links_rating_image%'
    315342        AND option_value LIKE 'wp-links/links-images/%'");
    316343
     344        // @RawSQLUse, simple_code
    317345        $done_ids = $wpdb->get_results("SELECT DISTINCT post_id FROM $wpdb->post2cat");
    318346        if ($done_ids) :
    319347                foreach ($done_ids as $done_id) :
     
    324352                $catwhere = '';
    325353        endif;
    326354
     355        // @RawSQLUse, trivial_implementation
    327356        $allposts = $wpdb->get_results("SELECT ID, post_category FROM $wpdb->posts WHERE post_category != '0' $catwhere");
    328357        if ($allposts) :
    329358                foreach ($allposts as $post) {
    330359                        // Check to see if it's already been imported
     360                        // @RawSQLUse, trivial_implementation
    331361                        $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );
    332362                        if (!$cat && 0 != $post->post_category) { // If there's no result
     363                                // @RawSQLUse, method_exists
    333364                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
    334365                                        (post_id, category_id)
    335366                                        VALUES (%s, %s)
     
    366397        global $wpdb;
    367398
    368399        // Set user_nicename.
     400        // @RawSQLUse, trivial_implementation
    369401        $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users");
    370402        foreach ($users as $user) {
    371403                if ('' == $user->user_nicename) {
    372404                        $newname = sanitize_title($user->user_nickname);
     405                        // @RawSQLUse, method_exists
    373406                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
    374407                }
    375408        }
    376409
     410        // @RawSQLUse, trivial_implementation
    377411        $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users");
    378412        foreach ($users as $row) {
    379413                if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) {
     414                        // @RawSQLUse, method_exists
    380415                        $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\'');
    381416                }
    382417        }
     
    401436        // Check if we already set the GMT fields (if we did, then
    402437        // MAX(post_date_gmt) can't be '0000-00-00 00:00:00'
    403438        // <michel_v> I just slapped myself silly for not thinking about it earlier
     439        // @RawSQLUse, simple_code
    404440        $got_gmt_fields = ($wpdb->get_var("SELECT MAX(post_date_gmt) FROM $wpdb->posts") == '0000-00-00 00:00:00') ? false : true;
    405441
    406442        if (!$got_gmt_fields) {
     
    408444                // Add or substract time to all dates, to get GMT dates
    409445                $add_hours = intval($diff_gmt_weblogger);
    410446                $add_minutes = intval(60 * ($diff_gmt_weblogger - $add_hours));
     447                // @RawSQLUse, simple_code
    411448                $wpdb->query("UPDATE $wpdb->posts SET post_date_gmt = DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)");
     449                // @RawSQLUse, simple_code
    412450                $wpdb->query("UPDATE $wpdb->posts SET post_modified = post_date");
     451                // @RawSQLUse, simple_code
    413452                $wpdb->query("UPDATE $wpdb->posts SET post_modified_gmt = DATE_ADD(post_modified, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE) WHERE post_modified != '0000-00-00 00:00:00'");
     453                // @RawSQLUse, simple_code
    414454                $wpdb->query("UPDATE $wpdb->comments SET comment_date_gmt = DATE_ADD(comment_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)");
     455                // @RawSQLUse, simple_code
    415456                $wpdb->query("UPDATE $wpdb->users SET user_registered = DATE_ADD(user_registered, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)");
    416457        }
    417458
     
    426467        global $wpdb;
    427468
    428469        // Remove extraneous backslashes.
     470        // @RawSQLUse, trivial_implementation
    429471        $posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt, guid, post_date, post_name, post_status, post_author FROM $wpdb->posts");
    430472        if ($posts) {
    431473                foreach($posts as $post) {
     
    436478                                $guid = get_permalink($post->ID);
    437479                        else
    438480                                $guid = $post->guid;
    439 
     481                        // @RawSQLUse, method_exists
    440482                        $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'");
    441483                }
    442484        }
    443485
    444486        // Remove extraneous backslashes.
     487        // @RawSQLUse, trivial_implementation
    445488        $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments");
    446489        if ($comments) {
    447490                foreach($comments as $comment) {
    448491                        $comment_content = addslashes(deslash($comment->comment_content));
    449492                        $comment_author = addslashes(deslash($comment->comment_author));
     493                        // @RawSQLUse, method_exists
    450494                        $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'");
    451495                }
    452496        }
    453497
    454498        // Remove extraneous backslashes.
     499        // @RawSQLUse, trivial_implementation
    455500        $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links");
    456501        if ($links) {
    457502                foreach($links as $link) {
    458503                        $link_name = addslashes(deslash($link->link_name));
    459504                        $link_description = addslashes(deslash($link->link_description));
     505                        // @RawSQLUse, method_exists
    460506                        $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'");
    461507                }
    462508        }
    463509
    464510        // The "paged" option for what_to_show is no more.
     511        // @RawSQLUse, trivial_implementation
    465512        if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') {
     513                // @RawSQLUse, method_exists
    466514                $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'");
    467515        }
    468516
     
    476524        }
    477525
    478526        // Obsolete tables
     527        // @RawSQLUse, trivial_implementation
    479528        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optionvalues');
     529        // @RawSQLUse, trivial_implementation
    480530        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiontypes');
     531        // @RawSQLUse, trivial_implementation
    481532        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroups');
     533        // @RawSQLUse, trivial_implementation
    482534        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroup_options');
    483535
    484536        // Update comments table to use comment_type
     537        // @RawSQLUse, simple_code
    485538        $wpdb->query("UPDATE $wpdb->comments SET comment_type='trackback', comment_content = REPLACE(comment_content, '<trackback />', '') WHERE comment_content LIKE '<trackback />%'");
     539        // @RawSQLUse, simple_code
    486540        $wpdb->query("UPDATE $wpdb->comments SET comment_type='pingback', comment_content = REPLACE(comment_content, '<pingback />', '') WHERE comment_content LIKE '<pingback />%'");
    487541
    488542        // Some versions have multiple duplicate option_name rows with the same values
     543        // @RawSQLUse, simple_code
    489544        $options = $wpdb->get_results("SELECT option_name, COUNT(option_name) AS dupes FROM `$wpdb->options` GROUP BY option_name");
    490545        foreach ( $options as $option ) {
    491546                if ( 1 != $option->dupes ) { // Could this be done in the query?
    492547                        $limit = $option->dupes - 1;
     548                        // @RawSQLUse, simple_code
    493549                        $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) );
    494550                        $dupe_ids = join($dupe_ids, ',');
     551                        // @RawSQLUse, algorithmic
    495552                        $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)");
    496553                }
    497554        }
     
    509566
    510567        populate_roles_160();
    511568
     569        // @RawSQLUse, method_exists
    512570        $users = $wpdb->get_results("SELECT * FROM $wpdb->users");
    513571        foreach ( $users as $user ) :
    514572                if ( !empty( $user->user_firstname ) )
     
    539597                        if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
    540598                        if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
    541599                        if (!$idmode) $id = $user->user_nickname;
     600                        // @RawSQLUse, method_exists
    542601                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
    543602                endif;
    544603
     
    554613        $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' );
    555614        $wpdb->hide_errors();
    556615        foreach ( $old_user_fields as $old )
     616                // @RawSQLUse, trivial_implementation
    557617                $wpdb->query("ALTER TABLE $wpdb->users DROP $old");
    558618        $wpdb->show_errors();
    559619
    560620        // populate comment_count field of posts table
     621        // @RawSQLUse, simple_code
    561622        $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
    562623        if( is_array( $comments ) ) {
    563624                foreach ($comments as $comment) {
     625                        // @RawSQLUse, method_exists
    564626                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
    565627                }
    566628        }
     
    568630        // Some alpha versions used a post status of object instead of attachment and put
    569631        // the mime type in post_type instead of post_mime_type.
    570632        if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) {
     633                // @RawSQLUse, trivial_implementation
    571634                $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
    572635                foreach ($objects as $object) {
     636                        // @RawSQLUse, method_exists
    573637                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
    574638                        post_mime_type = %s,
    575639                        post_type = ''
     
    592656
    593657        if ( $wp_current_db_version < 3506 ) {
    594658                // Update status and type.
     659                // @RawSQLUse, trivial_implementation
    595660                $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts");
    596661
    597662                if ( ! empty($posts) ) foreach ($posts as $post) {
     
    605670                                $status = 'inherit';
    606671                                $type = 'attachment';
    607672                        }
    608 
     673                        // @RawSQLUse, method_exists
    609674                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) );
    610675                }
    611676        }
     
    617682        if ( $wp_current_db_version < 3531 ) {
    618683                // Give future posts a post_status of future.
    619684                $now = gmdate('Y-m-d H:i:59');
     685                // @RawSQLUse, method_exists
    620686                $wpdb->query ("UPDATE $wpdb->posts SET post_status = 'future' WHERE post_status = 'publish' AND post_date_gmt > '$now'");
    621687
     688                // @RawSQLUse, method_exists
    622689                $posts = $wpdb->get_results("SELECT ID, post_date FROM $wpdb->posts WHERE post_status ='future'");
    623690                if ( !empty($posts) )
    624691                        foreach ( $posts as $post )
     
    641708        // Convert categories to terms.
    642709        $tt_ids = array();
    643710        $have_tags = false;
     711        // @RawSQLUse, simple_code
    644712        $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID");
    645713        foreach ($categories as $category) {
    646714                $term_id = (int) $category->cat_ID;
     
    651719                $term_group = 0;
    652720
    653721                // Associate terms with the same slug in a term group and make slugs unique.
     722                // @RawSQLUse, trivial_implementation
    654723                if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
    655724                        $term_group = $exists[0]->term_group;
    656725                        $id = $exists[0]->term_id;
     
    658727                        do {
    659728                                $alt_slug = $slug . "-$num";
    660729                                $num++;
     730                                // @RawSQLUse, trivial_implementation
    661731                                $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) );
    662732                        } while ( $slug_check );
    663733
    664734                        $slug = $alt_slug;
    665735
    666736                        if ( empty( $term_group ) ) {
     737                                // @RawSQLUse, simple_code
    667738                                $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
     739                                // @RawSQLUse, method_exists
    668740                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) );
    669741                        }
    670742                }
    671 
     743                // @RawSQLUse, method_exists
    672744                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES
    673745                (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) );
    674746
     
    676748                if ( !empty($category->category_count) ) {
    677749                        $count = (int) $category->category_count;
    678750                        $taxonomy = 'category';
     751                        // @RawSQLUse, method_exists
    679752                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
    680753                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
    681754                }
     
    683756                if ( !empty($category->link_count) ) {
    684757                        $count = (int) $category->link_count;
    685758                        $taxonomy = 'link_category';
     759                        // @RawSQLUse, method_exists
    686760                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
    687761                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
    688762                }
     
    691765                        $have_tags = true;
    692766                        $count = (int) $category->tag_count;
    693767                        $taxonomy = 'post_tag';
     768                        // @RawSQLUse, method_exists
    694769                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
    695770                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
    696771                }
     
    698773                if ( empty($count) ) {
    699774                        $count = 0;
    700775                        $taxonomy = 'category';
     776                        // @RawSQLUse, method_exists
    701777                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
    702778                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
    703779                }
     
    707783        if ( $have_tags )
    708784                $select .= ', rel_type';
    709785
     786        // @RawSQLUse, simple_code
    710787        $posts = $wpdb->get_results("SELECT $select FROM $wpdb->post2cat GROUP BY post_id, category_id");
    711788        foreach ( $posts as $post ) {
    712789                $post_id = (int) $post->post_id;
     
    717794                $tt_id = $tt_ids[$term_id][$taxonomy];
    718795                if ( empty($tt_id) )
    719796                        continue;
    720 
     797               
     798                // @RawSQLUse, method_exists
    721799                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
    722800        }
    723801
     
    728806                $link_cat_id_map = array();
    729807                $default_link_cat = 0;
    730808                $tt_ids = array();
     809                // @RawSQLUse, trivial_implementation
    731810                $link_cats = $wpdb->get_results("SELECT cat_id, cat_name FROM " . $wpdb->prefix . 'linkcategories');
    732811                foreach ( $link_cats as $category) {
    733812                        $cat_id = (int) $category->cat_id;
     
    737816                        $term_group = 0;
    738817
    739818                        // Associate terms with the same slug in a term group and make slugs unique.
     819                        // @RawSQLUse, trivial_implementation
    740820                        if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
    741821                                $term_group = $exists[0]->term_group;
    742822                                $term_id = $exists[0]->term_id;
    743823                        }
    744824
    745825                        if ( empty($term_id) ) {
     826                                // @RawSQLUse, method_exists
    746827                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
    747828                                $term_id = (int) $wpdb->insert_id;
    748829                        }
    749830
    750831                        $link_cat_id_map[$cat_id] = $term_id;
    751832                        $default_link_cat = $term_id;
    752 
     833                       
     834                        // @RawSQLUse, method_exists                   
    753835                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
    754836                        $tt_ids[$term_id] = (int) $wpdb->insert_id;
    755837                }
    756838
    757839                // Associate links to cats.
     840                // @RawSQLUse, trivial_implementation
    758841                $links = $wpdb->get_results("SELECT link_id, link_category FROM $wpdb->links");
    759842                if ( !empty($links) ) foreach ( $links as $link ) {
    760843                        if ( 0 == $link->link_category )
     
    766849                        if ( empty($tt_id) )
    767850                                continue;
    768851
     852                        // @RawSQLUse, method_exists
    769853                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
    770854                }
    771855
    772856                // Set default to the last category we grabbed during the upgrade loop.
    773857                update_option('default_link_category', $default_link_cat);
    774858        } else {
     859                // @RawSQLUse, simple_code
    775860                $links = $wpdb->get_results("SELECT link_id, category_id FROM $wpdb->link2cat GROUP BY link_id, category_id");
    776861                foreach ( $links as $link ) {
    777862                        $link_id = (int) $link->link_id;
     
    781866                        if ( empty($tt_id) )
    782867                                continue;
    783868
     869                        // @RawSQLUse, method_exists
    784870                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
    785871                }
    786872        }
    787873
    788874        if ( $wp_current_db_version < 4772 ) {
    789875                // Obsolete linkcategories table
     876                // @RawSQLUse, trivial_implementation
    790877                $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'linkcategories');
    791878        }
    792879
    793880        // Recalculate all counts
     881        // @RawSQLUse, trivial_implementation
    794882        $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy");
    795883        foreach ( (array) $terms as $term ) {
    796884                if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) )
     885                        // @RawSQLUse, simple_code
    797886                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) );
    798887                else
     888                        // @RawSQLUse, simple_code
    799889                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
     890                        // @RawSQLUse, method_exists
    800891                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
    801892        }
    802893}
     
    811902        $old_options_fields = array( 'option_can_override', 'option_type', 'option_width', 'option_height', 'option_description', 'option_admin_level' );
    812903        $wpdb->hide_errors();
    813904        foreach ( $old_options_fields as $old )
     905                // @RawSQLUse, trivial_implementation
    814906                $wpdb->query("ALTER TABLE $wpdb->options DROP $old");
    815907        $wpdb->show_errors();
    816908}
     
    822914 */
    823915function upgrade_230_old_tables() {
    824916        global $wpdb;
     917        // @RawSQLUse, trivial_implementation
    825918        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'categories');
     919        // @RawSQLUse, trivial_implementation
    826920        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'link2cat');
     921        // @RawSQLUse, trivial_implementation
    827922        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'post2cat');
    828923}
    829924
     
    835930function upgrade_old_slugs() {
    836931        // upgrade people who were using the Redirect Old Slugs plugin
    837932        global $wpdb;
     933        // @RawSQLUse, method_exists
    838934        $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '_wp_old_slug' WHERE meta_key = 'old_slug'");
    839935}
    840936
     
    872968function upgrade_252() {
    873969        global $wpdb;
    874970
     971        // @RawSQLUse, method_exists
    875972        $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''");
    876973}
    877974
     
    9051002
    9061003        // Update post_date for unpublished posts with empty timestamp
    9071004        if ( $wp_current_db_version < 8921 )
     1005                // @RawSQLUse, method_exists
    9081006                $wpdb->query( "UPDATE $wpdb->posts SET post_date = post_modified WHERE post_date = '0000-00-00 00:00:00'" );
    9091007}
    9101008
     
    9261024 */
    9271025function maybe_create_table($table_name, $create_ddl) {
    9281026        global $wpdb;
     1027        // @RawSQLUse, trivial_implementation
    9291028        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    9301029                if ($table == $table_name) {
    9311030                        return true;
     
    9341033        //didn't find it try to create it.
    9351034        $q = $wpdb->query($create_ddl);
    9361035        // we cannot directly tell that whether this succeeded!
     1036        // @RawSQLUse, trivial_implementation
    9371037        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    9381038                if ($table == $table_name) {
    9391039                        return true;
     
    9561056function drop_index($table, $index) {
    9571057        global $wpdb;
    9581058        $wpdb->hide_errors();
     1059        // @RawSQLUse, trivial_implementation
    9591060        $wpdb->query("ALTER TABLE `$table` DROP INDEX `$index`");
    9601061        // Now we need to take out all the extra ones we may have created
    9611062        for ($i = 0; $i < 25; $i++) {
     1063                // @RawSQLUse, trivial_implementation
    9621064                $wpdb->query("ALTER TABLE `$table` DROP INDEX `{$index}_$i`");
    9631065        }
    9641066        $wpdb->show_errors();
     
    9791081function add_clean_index($table, $index) {
    9801082        global $wpdb;
    9811083        drop_index($table, $index);
     1084        // @RawSQLUse, trivial_implementation
    9821085        $wpdb->query("ALTER TABLE `$table` ADD INDEX ( `$index` )");
    9831086        return true;
    9841087}
     
    9911094 */
    9921095function maybe_add_column($table_name, $column_name, $create_ddl) {
    9931096        global $wpdb, $debug;
     1097        // @RawSQLUse, trivial_implementation
    9941098        foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) {
    9951099                if ($debug) echo("checking $column == $column_name<br />");
    9961100                if ($column == $column_name) {
     
    10001104        //didn't find it try to create it.
    10011105        $q = $wpdb->query($create_ddl);
    10021106        // we cannot directly tell that whether this succeeded!
     1107        // @RawSQLUse, trivial_implementation
    10031108        foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) {
    10041109                if ($column == $column_name) {
    10051110                        return true;
     
    10171122 */
    10181123function get_alloptions_110() {
    10191124        global $wpdb;
     1125        // @RawSQLUse, trivial_implementation
    10201126        if ($options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options")) {
    10211127                foreach ($options as $option) {
    10221128                        // "When trying to design a foolproof system,
     
    10501156                return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
    10511157        }
    10521158
     1159        // @RawSQLUse, trivial_implementation
    10531160        $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) );
    10541161
    10551162        if ( 'home' == $setting && '' == $option )
     
    11371244        }
    11381245
    11391246        // Check to see which tables and fields exist
     1247        // @RawSQLUse, trivial_implementation
    11401248        if($tables = $wpdb->get_col('SHOW TABLES;')) {
    11411249                // For every table in the database
    11421250                foreach($tables as $table) {
     
    11831291                                }
    11841292
    11851293                                // Fetch the table column structure from the database
     1294                                // @RawSQLUse, trivial_implementation
    11861295                                $tablefields = $wpdb->get_results("DESCRIBE {$table};");
    11871296
    11881297                                // For every field in the table
     
    12291338
    12301339                                // Index stuff goes here
    12311340                                // Fetch the table index structure from the database
     1341                                // @RawSQLUse, trivial_implementation
    12321342                                $tableindices = $wpdb->get_results("SHOW INDEX FROM {$table};");
    12331343
    12341344                                if($tableindices) {
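--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -437,6 +437,7 @@
         $comments = array();
         $start = 0;
 
+        // @RawSQLUse, simple_code
         while ( count( $comments ) < 5 && $possible = $wpdb->get_results( "SELECT * FROM $wpdb->comments ORDER BY comment_date_gmt DESC LIMIT $start, 50" ) ) {
 
                 foreach ( $possible as $comment ) {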
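Review bot: The `// @RawSQLUse, simple_code` tag above the `while` records how complex the statement is, but not that `$start` is interpolated directly into `LIMIT $start, 50` without `$wpdb->prepare()`. `$start` is initialised to `0` three lines earlier, so it looks like a local counter, but someone auditing by tag alone cannot tell a constant query from one assembled out of variables. I would extend the annotation to name what is interpolated and where it comes from, e.g. `// @RawSQLUse, simple_code; interpolates $start (local int)`. The same applies to `'$fatoption'` in wp-admin/includes/schema.php, `IN ( $post_id )` in wp-admin/includes/comment.php and `$where` in wp-admin/includes/export.php, the last of which is built outside the hunk. The loop body continues past the end of this hunk.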
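--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -311,6 +311,7 @@
         // Set up a few options not to load by default
         $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
         foreach ($fatoptions as $fatoption) :
+                // @RawSQLUse, method_exists
                 $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
         endforeach;
 }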
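--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -19,6 +19,7 @@
 function comment_exists($comment_author, $comment_date) {
         global $wpdb;
 
+        // @RawSQLUse, trivial_implementation
         return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
                         WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
@@ -112,6 +113,7 @@
         $post_id = array_map('intval', $post_id);
         $post_id = "'" . implode("', '", $post_id) . "'";
 
+        // @RawSQLUse, simple_code
         $pending = $wpdb->get_results( "SELECT comment_post_ID, COUNT(comment_ID) as num_comments FROM $wpdb->comments WHERE comment_post_ID IN ( $post_id ) AND comment_approved = '0' GROUP BY comment_post_ID", ARRAY_N );
 
         if ( empty($pending) )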
  • wp-admin/includes/template.php

     
    16871687                        // catch and repair bad pages
    16881688                        if ( $page->post_parent == $page->ID ) {
    16891689                                $page->post_parent = 0;
     1690                                // @RawSQLUse, method_exists
    16901691                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) );
    16911692                                clean_page_cache( $page->ID );
    16921693                        }
     
    19741975                $query = "FROM $wpdb->comments USE INDEX (comment_date_gmt) WHERE $approved $post $typesql";
    19751976        }
    19761977
     1978    // @RawSQLUse, algorithmic
    19771979        $comments = $wpdb->get_results("SELECT * $query $orderby");
     1980    // @RawSQLUse, algorithmic
    19781981        if ( '' === $total )
    19791982                $total = $wpdb->get_var("SELECT COUNT(comment_ID) $query");
    19801983
     
    23682371function meta_form() {
    23692372        global $wpdb;
    23702373        $limit = (int) apply_filters( 'postmeta_form_limit', 30 );
     2374        // @RawSQLUse, algorithmic
    23712375        $keys = $wpdb->get_col( "
    23722376                SELECT meta_key
    23732377                FROM $wpdb->postmeta
     
    25262530 */
    25272531function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
    25282532        global $wpdb, $post_ID;
     2533        // @RawSQLUse, simple_code
    25292534        $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
    25302535
    25312536        if ( $items ) {
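Review bot: In the comment-list hunk the second `// @RawSQLUse, algorithmic` is placed above `if ( '' === $total )` rather than above the `$wpdb->get_var("SELECT COUNT(comment_ID) $query")` call it describes, so any tool or reader that pairs a tag with the next statement attaches it to the condition. Both tags in that hunk also appear to be indented with four spaces where the neighbouring lines use the file's deeper indentation. I would give the `if` braces and move the tag directly above the `get_var` line, indented like the statement it marks. `$query` and `$orderby` are assembled outside the hunk, and the enclosing function starts and ends outside it as well.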
  • wp-admin/includes/user.php

     
    197197function get_author_user_ids() {
    198198        global $wpdb;
    199199        $level_key = $wpdb->prefix . 'user_level';
     200        // @RawSQLUse, trivial_implementation
    200201        return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
    201202}
    202203
     
    219220                return false;
    220221        } else {
    221222                $editable = join(',', $editable);
     223                // @RawSQLUse, simple_code
    222224                $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
    223225        }
    224226
     
    250252
    251253        $level_key = $wpdb->prefix . 'user_level';
    252254
     255        // @RawSQLUse, trivial_implementation
    253256        $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
    254257        if ( $exclude_zeros )
    255258                $query .= " AND meta_value != '0'";
     
    295298        global $wpdb;
    296299        $level_key = $wpdb->prefix . 'user_level';
    297300
     301        // @RawSQLUse, trivial_implementation
    298302        return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
    299303}
    300304
     
    323327                $other_unpubs = '';
    324328        } else {
    325329                $editable = join(',', $editable);
     330                // @RawSQLUse, simple_code
    326331                $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
    327332        }
    328333
     
    388393 */
    389394function get_users_drafts( $user_id ) {
    390395        global $wpdb;
     396        // @RawSQLUse, simple_code
    391397        $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
    392398        $query = apply_filters('get_users_drafts', $query);
    393399        return $wpdb->get_results( $query );
     
    413419        $id = (int) $id;
    414420
    415421        if ($reassign == 'novalue') {
     422                // @RawSQLUse, trivial_implementation
    416423                $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
    417424
    418425                if ($post_ids) {
     
    421428                }
    422429
    423430                // Clean links
     431                // @RawSQLUse, trivial_implementation
    424432                $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) );
    425433        } else {
    426434                $reassign = (int) $reassign;
     435                // @RawSQLUse, method_exists
    427436                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
     437                // @RawSQLUse, method_exists
    428438                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );
    429439        }
    430440
    431441        // FINALLY, delete user
    432442        do_action('delete_user', $id);
    433443
     444        // @RawSQLUse, trivial_implementation
    434445        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
     446        // @RawSQLUse, trivial_implementation
    435447        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
    436448
    437449        wp_cache_delete($id, 'users');
     
    628640         *
    629641         * @since unknown
    630642         * @access public
     643         * @RawSQLUse, algorithmic
    631644         */
    632645        function prepare_query() {
    633646                global $wpdb;
     
    663676         */
    664677        function query() {
    665678                global $wpdb;
     679                // @RawSQLUse, simple_code
    666680                $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_sort . $this->query_limit);
    667681
    668682                if ( $this->results )
     683                        // @RawSQLUse, simple_code
    669684                        $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit
    670685                else
    671686                        $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!'));
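--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -41,6 +41,7 @@
         }
 
         if ( intval($_REQUEST['post_id']) )
+                // @RawSQLUse, simple_code
                 $attachments = intval($wpdb->get_var($wpdb->prepare("SELECT count(*) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $_REQUEST['post_id'])));
 
         if ( empty($attachments) ) {
@@ -1716,6 +1717,7 @@
 <div class="alignleft actions">
 <?php
 
+// @RawSQLUse, simple_code
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
 
 $arc_result = $wpdb->get_results( $arc_query );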
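Review bot: The new `// @RawSQLUse, simple_code` line in the first hunk sits between the brace-less `if ( intval($_REQUEST['post_id']) )` and its single statement. As a comment it changes nothing, but it makes the one-statement body easy to misread, and a later edit that adds a line next to the tag would silently fall outside the `if`. I would put the tag above the `if` or wrap the body in braces. The query itself stays parameterised, since the `%d` placeholder receives `$_REQUEST['post_id']`.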
  • wp-admin/includes/export.php

     
    4141}
    4242
    4343// grab a snapshot of post IDs, just in case it changes during the export
     44// @RawSQLUse, simple_code
    4445$post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts $where ORDER BY post_date_gmt ASC");
    4546
    4647$categories = (array) get_categories('get=all');
     
    263264                // fetch 20 posts at a time rather than loading the entire table into memory
    264265                while ( $next_posts = array_splice($post_ids, 0, 20) ) {
    265266                        $where = "WHERE ID IN (".join(',', $next_posts).")";
     267                        // @RawSQLUse, simple_code
    266268                        $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_date_gmt ASC");
    267269                                foreach ($posts as $post) {
    268270                        // Don't export revisions.  They bloat the export.
     
    296298<wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url>
    297299<?php } ?>
    298300<?php
     301// @RawSQLUse, trivial_implementation
    299302$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
    300303if ( $postmeta ) {
    301304?>
     
    307310<?php } ?>
    308311<?php } ?>
    309312<?php
     313// @RawSQLUse, trivial_implementation
    310314$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
    311315if ( $comments ) { foreach ( $comments as $c ) { ?>
    312316<wp:comment>
  • wp-admin/install-helper.php

     
    7373 */
    7474function maybe_create_table($table_name, $create_ddl) {
    7575        global $wpdb;
     76        // @RawSQLUse, trivial_implementation
    7677        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    7778                if ($table == $table_name) {
    7879                        return true;
     
    8182        //didn't find it try to create it.
    8283        $wpdb->query($create_ddl);
    8384        // we cannot directly tell that whether this succeeded!
     85        // @RawSQLUse, trivial_implementation
    8486        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
    8587                if ($table == $table_name) {
    8688                        return true;
     
    107109 */
    108110function maybe_add_column($table_name, $column_name, $create_ddl) {
    109111        global $wpdb, $debug;
     112        // @RawSQLUse, trivial_implementation
    110113        foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
    111114                if ($debug) echo("checking $column == $column_name<br />");
    112115
     
    117120        //didn't find it try to create it.
    118121        $wpdb->query($create_ddl);
    119122        // we cannot directly tell that whether this succeeded!
     123        // @RawSQLUse, trivial_implementation
    120124        foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
    121125                if ($column == $column_name) {
    122126                        return true;
     
    141145 */
    142146function maybe_drop_column($table_name, $column_name, $drop_ddl) {
    143147        global $wpdb;
     148        // @RawSQLUse, trivial_implementation
    144149        foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
    145150                if ($column == $column_name) {
    146151                        //found it try to drop it.
    147152                        $wpdb->query($drop_ddl);
    148153                        // we cannot directly tell that whether this succeeded!
     154                        // @RawSQLUse, trivial_implementation
    149155                        foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
    150156                                if ($column == $column_name) {
    151157                                        return false;
     
    189195function check_column($table_name, $col_name, $col_type, $is_null = null, $key = null, $default = null, $extra = null) {
    190196        global $wpdb, $debug;
    191197        $diffs = 0;
     198        // @RawSQLUse, trivial_implementation
    192199        $results = $wpdb->get_results("DESC $table_name");
    193200
    194201        foreach ($results as $row ) {
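Review bot: Every `DESC $table_name` lookup tagged `trivial_implementation` in this file interpolates the caller-supplied `$table_name` as an unquoted identifier, and `$create_ddl` / `$drop_ddl` are executed verbatim. The `%d`/`%s` placeholders used elsewhere in this patch do not cover identifiers, so the tag gives no hint that safety here depends entirely on the caller. I would add one line to each function's docblock stating that the table name and the DDL must come from trusted code and never from request data. `maybe_add_column()` also echoes `$column` and `$column_name` unescaped when `$debug` is set. Several of these functions start or end outside the visible hunks.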
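--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -77,6 +77,7 @@
                 echo '<p><h3>'.__('Reading Bunny&#8217;s Technorati Tags&#8230;').'</h3></p>';
 
                 // import Bunny's Keywords tags
+                // @RawSQLUse, trivial_implementation
                 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
                 if ( !is_array($metakeys)) {
                         echo '<p>' . __('No Tags Found!') . '</p>';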
  • wp-admin/import/jkw.php

     
    9292                echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
    9393
    9494                // import Jerome's Keywords tags
     95                // @RawSQLUse, trivial_implementation
    9596                $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
    9697                if ( !is_array($metakeys)) {
    9798                        echo '<p>' . __('No Tags Found!') . '</p>';
     
    133134
    134135                // import Jerome's Keywords tags
    135136                $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
     137                // @RawSQLUse, trivial_implementation
    136138                $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
    137139                if ( !is_array($metakeys) ) {
    138140                        echo '<p>' . __('No Tags Found!') . '</p>';
     
    164166                /* options from V2.0a (jeromes-keywords.php) */
    165167                $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
    166168
     169                // @RawSQLUse, trivial_implementation
    167170                $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
    168171
    169172                foreach ( $options as $o )
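Review bot: The `DROP TABLE IF EXISTS` in the last hunk and the `SELECT post_id, tag_name FROM $tablename` in the second hunk are both tagged `trivial_implementation`, yet the table name is derived from `get_option('jkeywords_keywords_table')`, a value read back from the options table. An identifier cannot go through the `%s`/`%d` placeholders, so I would check the computed name before it reaches either statement, e.g. `if ( ! preg_match('/^[A-Za-z0-9_]+$/', $tablename) ) return;`, and mention the option-derived name in the annotation. wp-admin/import/dotclear.php has the same pattern, with `get_option('dcdbprefix')` concatenated into every `$dcdb->get_results()` call. The enclosing functions start and end outside these hunks.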
  • wp-admin/import/dotclear.php

     
    2626        function get_comment_count($post_ID)
    2727        {
    2828                global $wpdb;
     29                // @RawSQLUse, simple_code
    2930                return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
    3031        }
    3132}
     
    4445        function link_exists($linkname)
    4546        {
    4647                global $wpdb;
     48                // @RawSQLUse, trivial_implementation
    4749                return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
    4850        }
    4951}
     
    228230                $dbprefix = get_option('dcdbprefix');
    229231
    230232                // Get Categories
     233                // @RawSQLUse, trivial_implementation
    231234                return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
    232235        }
    233236
     
    241244
    242245                // Get Users
    243246
     247                // @RawSQLUse, trivial_implementation
    244248                return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
    245249        }
    246250
     
    252256                $dbprefix = get_option('dcdbprefix');
    253257
    254258                // Get Posts
     259                // @RawSQLUse, algorithmic
    255260                return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
    256261                                                FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
    257262                                                ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
     
    266271                $dbprefix = get_option('dcdbprefix');
    267272
    268273                // Get Comments
     274                // @RawSQLUse, trivial_implementation
    269275                return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
    270276        }
    271277
     
    276282                set_magic_quotes_runtime(0);
    277283                $dbprefix = get_option('dcdbprefix');
    278284
     285                // @RawSQLUse, simple_code
    279286                return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
    280287        }
    281288
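--- a/wp-admin/import/stp.php
+++ b/wp-admin/import/stp.php
@@ -117,6 +117,7 @@
         function get_stp_posts ( ) {
                 global $wpdb;
                 // read in all the posts from the STP post->tag table: should be wp_post2tag
+                // @RawSQLUse, trivial_implementation
                 $posts_query = "SELECT post_id, tag_name FROM " . $wpdb->prefix . "stp_tags";
                 $posts = $wpdb->get_results($posts_query);
                 return $posts;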
  • wp-admin/import/wp-cat2tag.php

     
    270270                                        }
    271271
    272272                                        if ( $values ) {
     273                                                // @RawSQLUse, simple_code
    273274                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
    274275
     276                                                // @RawSQLUse, method_exists
    275277                                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $category->count, $category->term_id) );
    276278                                        }
    277279
     
    280282                                }
    281283
    282284                                // if tag already exists, add it to all posts in the category
     285                                // @RawSQLUse, trivial_implementation
    283286                                if ( $tag_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $category->term_id) ) ) {
    284287                                        $objects_ids = get_objects_in_term($category->term_id, 'category');
    285288                                        $tag_ttid = (int) $tag_ttid;
     
    289292                                                $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tag_ttid, $term_order);
    290293
    291294                                        if ( $values ) {
     295                                                // @RawSQLUse, simple_code
    292296                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
    293297
     298                                                // @RawSQLUse, simple_code
    294299                                                $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag_ttid) );
     300                                                // @RawSQLUse, method_exists
    295301                                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $count, $category->term_id) );
    296302                                        }
    297303                                        echo __('Tag added to all posts in this category.') . " *</li>\n";
     
    303309                                        continue;
    304310                                }
    305311
     312                                // @RawSQLUse, trivial_implementation
    306313                                $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
    307314                                if ( $tt_ids ) {
     315                                        // @RawSQLUse, simple_code
    308316                                        $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
    309317                                        foreach ( (array) $posts as $post )
    310318                                                clean_post_cache($post);
    311319                                }
    312320
    313321                                // Change the category to a tag.
     322                                // @RawSQLUse, method_exists
    314323                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
    315324
    316325                                // Set all parents to 0 (root-level) if their parent was the converted tag
     326                                // @RawSQLUse, method_exists
    317327                                $parents = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
    318328
    319329                                if ( $parents ) $clear_parents = true;
     
    366376                        if ( $tag = get_term( $tag_id, 'post_tag' ) ) {
    367377                                printf('<li>' . __('Converting tag <strong>%s</strong> ... '),  $tag->name);
    368378
     379                                // @RawSQLUse, trivial_implementation
    369380                                if ( $cat_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $tag->term_id) ) ) {
    370381                                        $objects_ids = get_objects_in_term($tag->term_id, 'post_tag');
    371382                                        $cat_ttid = (int) $cat_ttid;
     
    377388                                        }
    378389
    379390                                        if ( $values ) {
     391                                                // @RawSQLUse, simple_code
    380392                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
    381393
    382394                                                if ( $default_cat != $tag->term_id ) {
     395                                                        // @RawSQLUse, simple_code
    383396                                                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag->term_id) );
     397                                                        // @RawSQLUse, method_exists
    384398                                                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'category'", $count, $tag->term_id) );
    385399                                                }
    386400                                        }
     
    394408                                }
    395409
    396410                                // Change the tag to a category.
     411                                // @RawSQLUse, trivial_implementation
    397412                                $parent = $wpdb->get_var( $wpdb->prepare("SELECT parent FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) );
    398413                                if ( 0 == $parent || (0 < (int) $parent && $this->_category_exists($parent)) ) {
    399414                                        $reset_parent = '';
     
    401416                                } else
    402417                                        $reset_parent = ", parent = '0'";
    403418
     419                                // @RawSQLUse, method_exists
    404420                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'category' $reset_parent WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) );
    405421
    406422                                $clean_term_cache[] = $tag->term_id;
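--- a/wp-admin/import/utw.php
+++ b/wp-admin/import/utw.php
@@ -187,6 +187,7 @@
                 global $wpdb;
 
                 // read in all the tags from the UTW tags table: should be wp_tags
+                // @RawSQLUse, trivial_implementation
                 $tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags";
 
                 $tags = $wpdb->get_results($tags_query);
@@ -207,6 +208,7 @@
                 global $wpdb;
 
                 // read in all the posts from the UTW post->tag table: should be wp_post2tag
+                // @RawSQLUse, trivial_implementation
                 $posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag";
 
                 $posts = $wpdb->get_results($posts_query);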
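--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -57,6 +57,7 @@
 
         function users_form($n) {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
         <option value="#NONE#"><?php _e('- Select -') ?></option>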
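Review bot: `SELECT * FROM $wpdb->users` pulls every column of every user row, which includes `user_pass` and `user_activation_key`, only to fill a `<select>`. The rest of users_form() lies outside the hunk, so I am assuming the option list needs no more than the id and login. If that holds, name the columns while this line is being touched: `$users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");`. The `simple_code` tag would then describe the query accurately.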
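--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -647,6 +647,7 @@
 
                 if ( !isset( $blog['authors'] ) ) {
                         $post_ids = array_values($blog['posts']);
+                        // @RawSQLUse, algorithmic
                         $authors = (array) $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN (" . join( ',', $post_ids ) . ")");
                         $blog['authors'] = array_map(null, $authors, array_fill(0, count($authors), $current_user->ID));
                         $this->save_vars();
@@ -685,8 +686,10 @@
                 $host = $this->blogs[$importing_blog]['host'];
 
                 // Get an array of posts => authors
+                // @RawSQLUse, trivial_implementation
                 $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
                 $post_ids = join( ',', $post_ids );
+                // @RawSQLUse, algorithmic
                 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
                 foreach ( $results as $row )
                         $authors_posts[$row->post_id] = $row->meta_value;
@@ -702,6 +705,7 @@
                         $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
                         $post_ids = join( ',', $post_ids);
 
+                        // @RawSQLUse, algorithmic
                         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
                         $this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
                 }
@@ -762,6 +766,7 @@
                         $this->revoke( $options['token'] );
 
                 delete_option('blogger_importer');
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'");
                 wp_redirect('?import=blogger');
         }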
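Review bot: The three queries tagged `algorithmic` splice a joined id list straight into the SQL text (`post_id IN (...)` twice and `WHERE id IN ($post_ids)` in the UPDATE), and the tag does not record that these values bypass `prepare()`. In the UPDATE the list is interpolated into the format string itself, so only `$user_id` is bound; the ids come from `get_col()` / `array_keys()` results and are never cast. I would coerce before joining, e.g. `$post_ids = join( ',', array_map( 'intval', $post_ids ) );`, and skip the query when the list is empty, since `IN ()` is a syntax error in MySQL. The enclosing methods start and end outside these hunks, so any earlier validation of `$blog['posts']` is not visible here.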
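--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -20,6 +20,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
@@ -38,6 +39,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
+                // @RawSQLUse, trivial_implementation
                 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
@@ -84,6 +86,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Categories
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         id,
                         name,
@@ -103,6 +106,7 @@
 
                 // Get Users
 
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         user_id,
                         name,
@@ -120,6 +124,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Posts
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         ID,
                         Posted,
@@ -147,6 +152,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Comments
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
         }
 
@@ -157,6 +163,7 @@
                 set_magic_quotes_runtime(0);
                 $prefix = get_option('tpre');
 
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         id,
                         date,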
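Review bot: `trivial_implementation` undersells the `$txpdb` queries, because the table name is built by concatenating `$prefix = get_option('tpre')` into the statement (visible in `'SELECT * FROM '.$prefix.'txp_discuss'`), and an identifier cannot be bound through `prepare()`. Where the `tpre` option is written is not shown, so I am assuming it comes from the importer form. The prefix should be restricted to identifier characters where it is read, e.g. `$prefix = preg_replace( '/[^A-Za-z0-9_]/', '', get_option('tpre') );`. The other SELECT statements are cut off by their hunks, so I can only presume they use `$prefix` the same way. A distinct tag for "interpolated identifier" would let an audit find these separately from the fully constant queries.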
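--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -663,8 +663,10 @@
                 global $wpdb;
                 foreach ($this->url_remap as $from_url => $to_url) {
                         // remap urls in post_content
+                        // @RawSQLUse, simple_code
                         $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, '%s', '%s')", $from_url, $to_url) );
                         // remap enclosure urls
+                        // @RawSQLUse, simple_code
                         $result = $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = REPLACE(meta_value, '%s', '%s') WHERE meta_key='enclosure'", $from_url, $to_url) );
                 }
         }
@@ -677,6 +679,7 @@
                         $local_child_id = $this->post_ids_processed[$child_id];
                         $local_parent_id = $this->post_ids_processed[$parent_id];
                         if ($local_child_id and $local_parent_id) {
+                                // @RawSQLUse, method_exists
                                 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id));
                         }
                 }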
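Review bot: Both `REPLACE()` updates in the first hunk wrap their placeholders in quotes (`'%s'`), which is correct only as long as `prepare()` tolerates pre-quoted placeholders. As far as I know it strips them, but the safe form is bare `%s`, e.g. `REPLACE(post_content, %s, %s)`. The `post_content` update also has no WHERE clause, so it rewrites every row of the posts table once per entry in `$this->url_remap`. `simple_code` hides both facts, so a short comment next to the tag noting the unbounded scope would help whoever later converts these calls.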
  • wp-admin/upload.php

     
    2020
    2121        if ( ! current_user_can('edit_posts') )
    2222                wp_die( __('You are not allowed to scan for lost attachments.') );
    23 
     23       
     24        // @RawSQLUse, algorithmic
    2425        $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'");
     26        // @RawSQLUse, trivial_implementation
    2527        $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'");
    2628
    2729        $lost = array();
     
    5355
    5456        if ( ! empty($attach) ) {
    5557                $attach = implode(',', $attach);
     58                // @RawSQLUse, algorithmic
    5659                $attached = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ($attach)", $parent_id) );
    5760        }
    5861
     
    113116                $page_links_total = ceil(count($lost) / 50);
    114117                $lost = implode(',', $lost);
    115118
     119                // @RawSQLUse, algorithmic
    116120                $orphans = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'attachment' AND ID IN ($lost) LIMIT $start, 50" );
    117121        } else {
    118122                $start = ( $_GET['paged'] - 1 ) * 25;
     123                // @RawSQLUse, algorithmic
    119124                $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" );
     125                // @RawSQLUse, trivial_implementation
    120126                $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25);
    121127        }
    122128
     
    253259
    254260<?php
    255261if ( ! is_singular() && ! isset($_GET['detached']) ) {
     262        // @RawSQLUse, simple_code
    256263        $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
    257264
    258265        $arc_result = $wpdb->get_results( $arc_query );
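Review bot: `$start` in the `LIMIT $start, 25` query comes from `( $_GET['paged'] - 1 ) * 25` and reaches the SQL text without a cast or a lower bound. The arithmetic forces it to a number, so this is not free-form injection, but `paged=0` or a fractional value yields a negative or non-integer offset and a failed query. I would write `$start = ( max( 1, (int) $_GET['paged'] ) - 1 ) * 25;`. The same applies to the `LIMIT $start, 50` branch, whose `$start` assignment is outside the hunk. `$attach` and `$lost` are imploded into `IN (...)` lists in the neighbouring hunks; where they are filled is not visible, so confirm they contain integers only before treating the `algorithmic` tag as sufficient.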
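--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -438,6 +438,7 @@
         <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">trackbacks and pingbacks</a> on this post') ?></label>
 </p>
 <?php
+        // @RawSQLUse, algorithmic
         $total = $wpdb->get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID));
 
         if ( !$post_ID || $post_ID < 0 || 1 > $total )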
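Review bot: This count query is tagged `algorithmic`, while the near-identical `SELECT count(*) ... WHERE comment_post_ID = %d` in wp-admin/import/textpattern.php is tagged `simple_code`. Without a one-line definition of each category the tags cannot be used to triage which call sites need review first. Two smaller things on the same line: the placeholder is quoted (`'%d'`) where bare `%d` is the usual form, and the query runs before the `!$post_ID || $post_ID < 0` guard that follows it, so an unset `$post_ID` still costs a round trip. The body of that `if` is outside the hunk.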
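--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -200,6 +200,7 @@
 
 <?php // view filters
 if ( !is_singular() ) {
+// @RawSQLUse, simple_code
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC";
 
 $arc_result = $wpdb->get_results( $arc_query );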
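--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -95,6 +95,7 @@
   <input type='hidden' name='option_page' value='options' />
   <table class="form-table">
 <?php
+// @RawSQLUse, simple_code
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
 foreach ( (array) $options as $option) :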
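--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -58,6 +58,7 @@
                 }
                 $all_links = join(',', $linkcheck);
                 // should now have an array of links we can change
+                // @RawSQLUse, algorithmic
                 //$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
                 wp_redirect($this_file);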
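Review bot: The annotation here is attached to a commented-out statement (`//$q = $wpdb->query("update ...")`), so an audit that greps for `@RawSQLUse` will count a query that never runs. I would drop the tag, or better, delete the dead line altogether. As written it interpolates `$category` and `$all_links` directly into the SQL, so it should not be revived by someone uncommenting it. If the line is kept for history, a comment such as `// dead code: unescaped interpolation, do not re-enable` would be more useful than the tag.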
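--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -39,6 +39,7 @@
 <select name="author" id="author">
 <option value="all" selected="selected"><?php _e('All Authors'); ?></option>
 <?php
+// @RawSQLUse, simple_code
 $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
 foreach ( $authors as $id ) {
         $o = get_userdata( $id );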
  • wp-admin/edit-pages.php

     
    277277
    278278if ( 1 == count($posts) && is_singular() ) :
    279279
     280        // @RawSQLUse, algorithmic
    280281        $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
    281282        if ( $comments ) :
    282283                // Make sure comments, post, and post_author are cached