
Ticket #6836: wordpress-trunk_20090124_sqlannotations.diff

File wordpress-trunk_20090124_sqlannotations.diff, 130.9 KB (added by noroute, 5 years ago)

My patch marks/annotates all uses of inline SQL outside of wp-db. This patch includes the cases where a raw SQL update/insert is used instead of the existing methods in wp-db (search for "@RawSQLUse, method_exists"). Also see the discussion on wp-hackers (search for "Making WP more secure the evolutionary way").

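--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {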
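Review bot: The tag added at new line 22 uses a vocabulary (`trivial_implementation` here, `method_exists`, `simple_code` and `algorithmic` in the other files) that none of the lines shown defines, so someone auditing the source cannot tell which categories need follow-up. Only `method_exists` is explained, and only in the ticket description. A short legend comment in one central place, listing each category and what it means for a reviewer, would make the annotations usable without the ticket. The `@` prefix also reads like a PHPDoc tag although the comment is a plain `//` line, so the legend should say how tools are expected to find it.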
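--- a/wp-login.php
+++ b/wp-login.php
@@ -133,12 +133,14 @@
         else if ( is_wp_error($allow) )
                 return $allow;
 
+        // @RawSQLUse, trivial_implementation
         $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login));
         if ( empty($key) ) {
                 // Generate something random for a key...
                 $key = wp_generate_password(20, false);
                 do_action('retrieve_password_key', $user_login, $key);
                 // Now insert the new md5 key into the db
+                // @RawSQLUse, method_exists
                 $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
         }
         $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
@@ -169,6 +171,7 @@
         if ( empty( $key ) )
                 return new WP_Error('invalid_key', __('Invalid key'));
 
+        // @RawSQLUse, trivial_implementation
         $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key));
         if ( empty( $user ) )
                 return new WP_Error('invalid_key', __('Invalid key'));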
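Review bot: The context comment at new line 142 says an "md5 key" is inserted, but the UPDATE at new line 144 stores the raw output of `wp_generate_password(20, false)`, and new line 175 later looks the user up by that same plaintext value. Since this patch audits raw SQL, it is worth recording next to the annotation that the reset key is stored unhashed, so read access to the users table yields working reset keys; storing a hash and comparing against the hash of the submitted key would limit that. At minimum the stale comment should read `// Now insert the new key into the db`. For the `method_exists` tag at new line 143, the equivalent call would be `$wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));`. Both functions begin and end outside the hunks shown.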
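--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -248,6 +248,7 @@
         $taxonomies = "'" . implode("', '", $taxonomies) . "'";
         $terms = "'" . implode("', '", $terms) . "'";
 
+        // @RawSQLUse, algorithmic
         $object_ids = $wpdb->get_col("SELECT tr.object_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tt.term_id IN ($terms) ORDER BY tr.object_id $order");
 
         if ( ! $object_ids )
@@ -317,6 +318,7 @@
                         $term = $term->term_id;
                 $term = (int) $term;
                 if ( ! $_term = wp_cache_get($term, $taxonomy) ) {
+                        // @RawSQLUse, algorithmic
                         $_term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.term_id = %s LIMIT 1", $taxonomy, $term) );
                         wp_cache_add($term, $_term, $taxonomy);
                 }
@@ -386,6 +388,7 @@
                 $value = (int) $value;
         }
 
+        // @RawSQLUse, algorithmic
         $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) );
         if ( !$term )
                 return false;
@@ -590,6 +593,7 @@
  * @param string|array $args The values of what to search for when returning terms
  * @return array|WP_Error List of Term Objects and their children. Will return WP_Error, if any of $taxonomies do not exist.
  */
+
 function &get_terms($taxonomies, $args = '') {
         global $wpdb;
         $empty_array = array();
@@ -759,6 +763,7 @@
         else if ( 'names' == $fields )
                 $select_this = 't.term_id, tt.parent, tt.count, t.name';
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy IN ($in_taxonomies) $where ORDER BY $orderby $order $limit";
 
         $terms = $wpdb->get_results($query);
@@ -839,7 +844,9 @@
 function is_term($term, $taxonomy = '') {
         global $wpdb;
 
+        // @RawSQLUse, algorithmic
         $select = "SELECT term_id FROM $wpdb->terms as t WHERE ";
+        // @RawSQLUse, algorithmic
         $tax_select = "SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE ";
 
         if ( is_int($term) ) {
@@ -859,15 +866,17 @@
         $else_where = 't.name = %s';
 
         if ( !empty($taxonomy) ) {
+                // @RawSQLUse, algorithmic
                 if ( $result = $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $slug, $taxonomy), ARRAY_A) )
                         return $result;
-
+                // @RawSQLUse, algorithmic
                 return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A);
         }
-
+        // @RawSQLUse, algorithmic
         if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) )
                 return $result;
 
+        // @RawSQLUse, algorithmic
         return $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $else_where", $term) );
 }
 
@@ -1017,6 +1026,7 @@
         if ( $ignore_empty )
                 $where = 'AND count > 0';
 
+        // @RawSQLUse, simple_code
         return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
 }
 
@@ -1046,6 +1056,7 @@
         foreach ( (array) $taxonomies as $taxonomy ) {
                 $tt_ids = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
                 $in_tt_ids = "'" . implode("', '", $tt_ids) . "'";
+                // @RawSQLUse, algorithmic
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_tt_ids)", $object_id) );
                 wp_update_term_count($tt_ids, $taxonomy);
         }
@@ -1106,6 +1117,7 @@
                 $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) );
         }
 
+        // @RawSQLUse, trivial_implementation
         $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) );
 
         foreach ( (array) $objects as $object ) {
@@ -1118,10 +1130,13 @@
                 wp_set_object_terms($object, $terms, $taxonomy);
         }
 
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) );
 
         // Delete the term if no taxonomies use it.
+        // @RawSQLUse, simple_code
         if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) )
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) );
 
         clean_term_cache($term, $taxonomy);
@@ -1164,6 +1179,7 @@
  * @param array|string $args Change what is returned
  * @return array|WP_Error The requested term data or empty array if no terms found. WP_Error if $taxonomy does not exist.
  */
+
 function wp_get_object_terms($object_ids, $taxonomies, $args = array()) {
         global $wpdb;
 
@@ -1225,6 +1241,7 @@
         else if ( 'all_with_object_id' == $fields )
                 $select_this = 't.*, tt.*, tr.object_id';
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT $select_this FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tr.object_id IN ($object_ids) ORDER BY $orderby $order";
 
         if ( 'all' == $fields || 'all_with_object_id' == $fields ) {
@@ -1233,6 +1250,7 @@
         } else if ( 'ids' == $fields || 'names' == $fields ) {
                 $terms = array_merge($terms, $wpdb->get_col($query));
         } else if ( 'tt_ids' == $fields ) {
+                // @RawSQLUse, algorithmic
                 $terms = $wpdb->get_col("SELECT tr.term_taxonomy_id FROM $wpdb->term_relationships AS tr INNER JOIN $wpdb->term_taxonomy AS tt ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tr.object_id IN ($object_ids) AND tt.taxonomy IN ($taxonomies) ORDER BY tr.term_taxonomy_id $order");
         }
 
@@ -1322,13 +1340,16 @@
 
         $term_group = 0;
         if ( $alias_of ) {
+                // @RawSQLUse, trivial_implementation
                 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
                 if ( $alias->term_group ) {
                         // The alias we want is already in a group, so let's use that one.
                         $term_group = $alias->term_group;
                 } else {
                         // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
+                        // @RawSQLUse, simple_code
                         $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
+                        // @RawSQLUse, method_exists
                         $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) );
                 }
         }
@@ -1351,6 +1372,7 @@
                 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
         }
 
+        // @RawSQLUse, algorithmic
         $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id ) );
 
         if ( !empty($tt_id) )
@@ -1423,6 +1445,7 @@
                 $tt_id = $term_info['term_taxonomy_id'];
                 $tt_ids[] = $tt_id;
 
+                // @RawSQLUse, trivial_implementation
                 if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) )
                         continue;
                 $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) );
@@ -1434,6 +1457,7 @@
                 $delete_terms = array_diff($old_tt_ids, $tt_ids);
                 if ( $delete_terms ) {
                         $in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
+                        // @RawSQLUse, algorithmic
                         $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
                         wp_update_term_count($delete_terms, $taxonomy);
                 }
@@ -1448,6 +1472,7 @@
                         if ( in_array($tt_id, $final_tt_ids) )
                                 $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tt_id, ++$term_order);
                 if ( $values )
+                        // @RawSQLUse, simple_code
                         $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
         }
 
@@ -1498,8 +1523,10 @@
 
         // If we didn't get a unique slug, try appending a number to make it unique.
         if ( !empty($args['term_id']) )
+                // @RawSQLUse, algorithmic
                 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] );
         else
+                // @RawSQLUse, trivial_implementation
                 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug );
 
         if ( $wpdb->get_var( $query ) ) {
@@ -1507,6 +1534,7 @@
                 do {
                         $alt_slug = $slug . "-$num";
                         $num++;
+                        // @RawSQLUse, trivial_implementation
                         $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) );
                 } while ( $slug_check );
                 $slug = $alt_slug;
@@ -1586,18 +1614,21 @@
         }
 
         if ( $alias_of ) {
+                // @RawSQLUse, trivial_implementation
                 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
                 if ( $alias->term_group ) {
                         // The alias we want is already in a group, so let's use that one.
                         $term_group = $alias->term_group;
                 } else {
                         // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
+                        // @RawSQLUse, simple_code
                         $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
                         $wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) );
                 }
         }
 
         // Check for duplicate slug
+        // @RawSQLUse, trivial_implementation
         $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) );
         if ( $id && ($id != $term_id) ) {
                 // If an empty slug was passed or the parent changed, reset the slug to something unique.
@@ -1615,6 +1646,7 @@
                 $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
         }
 
+        // @RawSQLUse, algorithmic
         $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) );
 
         $wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) );
@@ -1717,6 +1749,7 @@
         } else {
                 // Default count updater
                 foreach ( (array) $terms as $term) {
+                        // @RawSQLUse, simple_code
                         $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term) );
                         $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );
                 }
@@ -1785,6 +1818,7 @@
         // If no taxonomy, assume tt_ids.
         if ( empty($taxonomy) ) {
                 $tt_ids = implode(', ', $ids);
+                // @RawSQLUse, algorithmic
                 $terms = $wpdb->get_results("SELECT term_id, taxonomy FROM $wpdb->term_taxonomy WHERE term_taxonomy_id IN ($tt_ids)");
                 foreach ( (array) $terms as $term ) {
                         $taxonomies[] = $term->taxonomy;
@@ -2053,6 +2087,7 @@
         }
 
         // Get the object and term ids and stick them in a lookup table
+        // @RawSQLUse, algorithmic
         $results = $wpdb->get_results("SELECT object_id, term_taxonomy_id FROM $wpdb->term_relationships INNER JOIN $wpdb->posts ON object_id = ID WHERE term_taxonomy_id IN (".join(',', array_keys($term_ids)).") AND post_type = 'post' AND post_status = 'publish'");
         foreach ( $results as $row ) {
                 $id = $term_ids[$row->term_taxonomy_id];
@@ -2099,6 +2134,7 @@
         global $wpdb;
 
         foreach ( (array) $terms as $term ) {
+                // @RawSQLUse, simple_code
                 $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term ) );
                 $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );
         }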
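Review bot: The `algorithmic` tag added at new line 1821 sits on a query whose IN() list is built by `implode(', ', $ids)` with no cast or escaping visible in the hunk, so the annotation does not tell an auditor whether `$ids` is guaranteed numeric. The function starts outside the hunk and `$ids` may be sanitized earlier, but casting at the point of use would make the query safe regardless of callers: `$tt_ids = implode(', ', array_map('intval', $ids));`. The same shape, where values are interpolated into the SQL string instead of being bound through prepare(), appears under this tag at new lines 251, 391 (`$field`), 766, 1059, 1244, 1253, 1460 and 2090. A separate tag for those would let the annotation distinguish them from fully parameterized queries such as the one at new line 1376, which carries the same `algorithmic` label.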
  • wp-includes/post.php

     
    224224                        $post = $post->ID; 
    225225                $post = (int) $post; 
    226226                if ( ! $_post = wp_cache_get($post, 'posts') ) { 
     227                        // @RawSQLUse, simple_code 
    227228                        $_post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d LIMIT 1", $post)); 
    228229                        if ( ! $_post ) 
    229230                                return $null; 
     
    424425        global $wpdb; 
    425426 
    426427        $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); 
     428        // @RawSQLUse, method_exists 
    427429        $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); 
    428430 
    429431        if ( 'page' == $post_type ) 
     
    519521        // expected_slashed ($meta_key) 
    520522        $meta_key = stripslashes($meta_key); 
    521523 
     524        // @RawSQLUse, trivial_implementation 
    522525        if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) 
    523526                return false; 
    524527 
     
    559562        $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); 
    560563 
    561564        if ( empty( $meta_value ) ) 
     565                // @RawSQLUse, trivial_implementation 
    562566                $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 
    563567        else 
     568                // @RawSQLUse, trivial_implementation 
    564569                $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 
    565570 
    566571        if ( !$meta_id ) 
    567572                return false; 
    568573 
    569574        if ( empty( $meta_value ) ) 
     575                // @RawSQLUse, trivial_implementation 
    570576                $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 
    571577        else 
     578                // @RawSQLUse, trivial_implementation 
    572579                $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 
    573580 
    574581        wp_cache_delete($post_id, 'post_meta'); 
     
    637644        // expected_slashed ($meta_key) 
    638645        $meta_key = stripslashes($meta_key); 
    639646 
     647        // @RawSQLUse, trivial_implementation 
    640648        if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { 
    641649                return add_post_meta($post_id, $meta_key, $meta_value); 
    642650        } 
     
    667675 */ 
    668676function delete_post_meta_by_key($post_meta_key) { 
    669677        global $wpdb; 
     678        // @RawSQLUse, trivial_implementation 
    670679        if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { 
    671680                /** @todo Get post_ids and delete cache */ 
    672681                // wp_cache_delete($post_id, 'post_meta'); 
     
    950959 
    951960        $cache_key = $type; 
    952961 
     962        // @RawSQLUse, simple_code 
    953963        $query = "SELECT post_status, COUNT( * ) AS num_posts FROM {$wpdb->posts} WHERE post_type = %s"; 
    954964        if ( 'readable' == $perm && is_user_logged_in() ) { 
    955965                if ( !current_user_can("read_private_{$type}s") ) { 
     
    9941004        global $wpdb; 
    9951005 
    9961006        $and = wp_post_mime_type_where( $mime_type ); 
     1007        // @RawSQLUse, simple_code 
    9971008        $count = $wpdb->get_results( "SELECT post_mime_type, COUNT( * ) AS num_posts FROM $wpdb->posts WHERE post_type = 'attachment' $and GROUP BY post_mime_type", ARRAY_A ); 
    9981009 
    9991010        $stats = array( ); 
     
    11011112function wp_delete_post($postid = 0) { 
    11021113        global $wpdb, $wp_rewrite; 
    11031114 
     1115        // @RawSQLUse, trivial_implementation 
    11041116        if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 
    11051117                return $post; 
    11061118 
     
    11271139                } 
    11281140 
    11291141                // Point children of this page to its parent, also clean the cache of affected children 
     1142                // @RawSQLUse, trivial_implementation 
    11301143                $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid); 
    11311144                $children = $wpdb->get_results($children_query); 
    11321145 
     
    11361149        } 
    11371150 
    11381151        // Do raw query.  wp_get_post_revisions() is filtered 
     1152        // @RawSQLUse, trivial_implementation 
    11391153        $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) ); 
    11401154        // Use wp_delete_post (via wp_delete_post_revision) again.  Ensures any meta/misplaced data gets cleaned up. 
    11411155        foreach ( $revision_ids as $revision_id ) 
     
    11441158        // Point all attachments to this post up one level 
    11451159        $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); 
    11461160 
     1161        // @RawSQLUse, trivial_implementation 
    11471162        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 
    11481163 
     1164        // @RawSQLUse, trivial_implementation 
    11491165        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 
    11501166 
     1167        // @RawSQLUse, trivial_implementation 
    11511168        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); 
    11521169 
    11531170        if ( 'page' == $post->post_type ) { 
     
    12581275                $limit = "LIMIT $num"; 
    12591276        } 
    12601277 
     1278        // @RawSQLUse, simple_code 
    12611279        $sql = "SELECT * FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC $limit"; 
    12621280        $result = $wpdb->get_results($sql,ARRAY_A); 
    12631281 
     
    14671485                $post_password = ''; 
    14681486 
    14691487        if ( !in_array( $post_status, array( 'draft', 'pending' ) ) ) { 
     1488                // @RawSQLUse, algorithmic 
    14701489                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $post_name, $post_type, $post_ID, $post_parent)); 
    14711490 
    14721491                if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) { 
    14731492                        $suffix = 2; 
    14741493                        do { 
    14751494                                $alt_post_name = substr($post_name, 0, 200-(strlen($suffix)+1)). "-$suffix"; 
     1495                                // @RawSQLUse, algorithmic 
    14761496                                $post_name_check = $wpdb->get_var($wpdb->prepare("SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_type = %s AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_type, $post_ID, $post_parent)); 
    14771497                                $suffix++; 
    14781498                        } while ($post_name_check); 
     
    15001520                // If there is a suggested ID, use it if not already present 
    15011521                if ( !empty($import_id) ) { 
    15021522                        $import_id = (int) $import_id; 
     1523                        // @RawSQLUse, trivial_implementation 
    15031524                        if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 
    15041525                                $data['ID'] = $import_id; 
    15051526                        } 
     
    18141835 */ 
    18151836function add_ping($post_id, $uri) { 
    18161837        global $wpdb; 
     1838        // @RawSQLUse, trivial_implementation 
    18171839        $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    18181840        $pung = trim($pung); 
    18191841        $pung = preg_split('/\s/', $pung); 
     
    18631885 */ 
    18641886function get_pung($post_id) { 
    18651887        global $wpdb; 
     1888        // @RawSQLUse, trivial_implementation 
    18661889        $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    18671890        $pung = trim($pung); 
    18681891        $pung = preg_split('/\s/', $pung); 
     
    18811904 */ 
    18821905function get_to_ping($post_id) { 
    18831906        global $wpdb; 
     1907        // @RawSQLUse, trivial_implementation 
    18841908        $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); 
    18851909        $to_ping = trim($to_ping); 
    18861910        $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); 
     
    19351959        global $wpdb; 
    19361960 
    19371961        if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) { 
     1962                // @RawSQLUse, trivial_implementation 
    19381963                $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); 
    19391964                wp_cache_add('all_page_ids', $page_ids, 'posts'); 
    19401965        } 
     
    19882013        foreach( (array) $page_paths as $pathdir) 
    19892014                $full_path .= ($pathdir!=''?'/':'') . sanitize_title($pathdir); 
    19902015 
     2016        // @RawSQLUse, algorithmic 
    19912017        $pages = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_name = %s AND (post_type = 'page' OR post_type = 'attachment')", $leaf_path )); 
    19922018 
    19932019        if ( empty($pages) ) 
     
    19972023                $path = '/' . $leaf_path; 
    19982024                $curpage = $page; 
    19992025                while ($curpage->post_parent != 0) { 
     2026                        // @RawSQLUse, trivial_implementation 
    20002027                        $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); 
    20012028                        $path = '/' . $curpage->post_name . $path; 
    20022029                } 
     
    20202047 */ 
    20212048function get_page_by_title($page_title, $output = OBJECT) { 
    20222049        global $wpdb; 
     2050        // @RawSQLUse, trivial_implementation 
    20232051        $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); 
    20242052        if ( $page ) 
    20252053                return get_page($page, $output); 
     
    21142142 * 
    21152143 * @param mixed $args Optional. Array or string of options that overrides defaults. 
    21162144 * @return array List of pages matching defaults or $args 
     2145 * @RawSQLUse, algorithmic 
    21172146 */ 
     2147 
    21182148function &get_pages($args = '') { 
    21192149        global $wpdb; 
    21202150 
     
    22212251        if ( $parent >= 0 ) 
    22222252                $where .= $wpdb->prepare(' AND post_parent = %d ', $parent); 
    22232253 
     2254        // @RawSQLUse, algorithmic 
    22242255        $query = "SELECT * FROM $wpdb->posts $join WHERE (post_type = 'page' AND post_status = 'publish') $where "; 
    22252256        $query .= $author_query; 
    22262257        $query .= " ORDER BY " . $sort_column . " " . $sort_order ; 
     
    23742405                $post_name = sanitize_title($post_name); 
    23752406 
    23762407        // expected_slashed ($post_name) 
     2408        // @RawSQLUse, algorithmic 
    23772409        $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID)); 
    23782410 
    23792411        if ($post_name_check) { 
     
    23812413                while ($post_name_check) { 
    23822414                        $alt_post_name = $post_name . "-$suffix"; 
    23832415                        // expected_slashed ($alt_post_name, $post_name) 
     2416                        // @RawSQLUse, algorithmic 
    23842417                        $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent)); 
    23852418                        $suffix++; 
    23862419                } 
     
    24372470                // If there is a suggested ID, use it if not already present 
    24382471                if ( !empty($import_id) ) { 
    24392472                        $import_id = (int) $import_id; 
     2473                        // @RawSQLUse, trivial_implementation 
    24402474                        if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 
    24412475                                $data['ID'] = $import_id; 
    24422476                        } 
     
    24842518function wp_delete_attachment($postid) { 
    24852519        global $wpdb; 
    24862520 
     2521        // @RawSQLUse, trivial_implementation 
    24872522        if ( !$post = $wpdb->get_row(  $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 
    24882523                return $post; 
    24892524 
     
    24982533        /** @todo Delete for pluggable post taxonomies too */ 
    24992534        wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 
    25002535 
     2536        // @RawSQLUse, trivial_implementation 
    25012537        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 
    25022538 
     2539        // @RawSQLUse, trivial_implementation 
    25032540        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 
    25042541 
     2542        // @RawSQLUse, trivial_implementation 
    25052543        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); 
    25062544 
    25072545        $uploadPath = wp_upload_dir(); 
    25082546 
    25092547        if ( ! empty($meta['thumb']) ) { 
    25102548                // Don't delete the thumb if another attachment uses it 
     2549                // @RawSQLUse, algorithmic 
    25112550                if (! $wpdb->get_row( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE %s AND post_id <> %d", '%'.$meta['thumb'].'%', $postid)) ) { 
    25122551                        $thumbfile = str_replace(basename($file), $meta['thumb'], $file); 
    25132552                        $thumbfile = apply_filters('wp_delete_file', $thumbfile); 
     
    28322871 * 
    28332872 * @param string $post_type currently only supports 'post' or 'page'. 
    28342873 * @return string SQL code that can be added to a where clause. 
     2874 * @RawSQLUse, algorithmic  
    28352875 */ 
     2876 
    28362877function get_private_posts_cap_sql($post_type) { 
    28372878        global $user_ID; 
    28382879        $cap = ''; 
     
    28942935        if ( !isset($cache_lastpostdate[$blog_id][$timezone]) ) { 
    28952936                switch(strtolower($timezone)) { 
    28962937                        case 'gmt': 
     2938                                // @RawSQLUse, simple_code 
    28972939                                $lastpostdate = $wpdb->get_var("SELECT post_date_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 
    28982940                                break; 
    28992941                        case 'blog': 
     2942                                // @RawSQLUse, simple_code 
    29002943                                $lastpostdate = $wpdb->get_var("SELECT post_date FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 
    29012944                                break; 
    29022945                        case 'server': 
     2946                                // @RawSQLUse, simple_code 
    29032947                                $lastpostdate = $wpdb->get_var("SELECT DATE_ADD(post_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_date_gmt DESC LIMIT 1"); 
    29042948                                break; 
    29052949                } 
     
    29332977        if ( !isset($cache_lastpostmodified[$blog_id][$timezone]) ) { 
    29342978                switch(strtolower($timezone)) { 
    29352979                        case 'gmt': 
     2980                                // @RawSQLUse, simple_code 
    29362981                                $lastpostmodified = $wpdb->get_var("SELECT post_modified_gmt FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 
    29372982                                break; 
    29382983                        case 'blog': 
     2984                                // @RawSQLUse, simple_code 
    29392985                                $lastpostmodified = $wpdb->get_var("SELECT post_modified FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 
    29402986                                break; 
    29412987                        case 'server': 
     2988                                // @RawSQLUse, simple_code 
    29422989                                $lastpostmodified = $wpdb->get_var("SELECT DATE_ADD(post_modified_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->posts WHERE post_status = 'publish' ORDER BY post_modified_gmt DESC LIMIT 1"); 
    29432990                                break; 
    29442991                } 
     
    30033050 
    30043051        do_action('clean_post_cache', $id); 
    30053052 
     3053        // @RawSQLUse, trivial_implementation 
    30063054        if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) { 
    30073055                foreach( $children as $cid ) 
    30083056                        clean_post_cache( $cid ); 
     
    31193167        // Get post-meta info 
    31203168        $id_list = join(',', $ids); 
    31213169        $cache = array(); 
     3170        // @RawSQLUse, algorithmic 
    31223171        if ( $meta_list = $wpdb->get_results("SELECT post_id, meta_key, meta_value FROM $wpdb->postmeta WHERE post_id IN ($id_list)", ARRAY_A) ) { 
    31233172                foreach ( (array) $meta_list as $metarow) { 
    31243173                        $mpid = (int) $metarow['post_id']; 
     
    32833332                return; 
    32843333 
    32853334        $id = $_post->ancestors[] = $_post->post_parent; 
     3335        // @RawSQLUse, simple_code 
    32863336        while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) { 
    32873337                if ( $id == $ancestor ) 
    32883338                        break; 
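--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -80,12 +80,14 @@
                         $domain = $uri['host'];
                         $uri = parse_url( get_option('home') );
                         $home_domain = $uri['host'];
+                        // @RawSQLUse, algorithmic
                         if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
                                 return true;
                         else
                                 return false;
                 } elseif ( $author != '' && $email != '' ) {
                         // expected_slashed ($author, $email)
+                        // @RawSQLUse, simple_code
                         $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
                         if ( ( 1 == $ok_to_comment ) &&
                                 ( empty($mod_keys) || false === strpos( $email, $mod_keys) ) )
@@ -110,6 +112,7 @@
  */
 function get_approved_comments($post_id) {
         global $wpdb;
+        // @RawSQLUse, simple_code
         return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id));
 }
 
@@ -145,6 +148,7 @@
                 if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) {
                         $_comment = & $GLOBALS['comment'];
                 } elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) {
+                        // @RawSQLUse, simple_code
                         $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment));
                         wp_cache_add($_comment->comment_ID, $_comment, 'comment');
                 }
@@ -231,6 +235,7 @@
         else
                 $post_where = '';
 
+        // @RawSQLUse, algorithmic
         $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE $post_where $approved ORDER BY $orderby $order $number" );
         wp_cache_add( $cache_key, $comments, 'comment' );
 
@@ -281,12 +286,15 @@
 
         switch ( strtolower($timezone)) {
                 case 'gmt':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
                         break;
                 case 'blog':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
                         break;
                 case 'server':
+                        // @RawSQLUse, simple_code
                         $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server));
                         break;
         }
@@ -319,6 +327,7 @@
                 $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
         }
 
+        // @RawSQLUse, simple_code
         $totals = (array) $wpdb->get_results("
                 SELECT comment_approved, COUNT( * ) AS total
                 FROM {$wpdb->comments}
@@ -418,6 +427,7 @@
         if ( $user_id ) {
                 $userdata = get_userdata($user_id);
                 $user = new WP_User($user_id);
+                // @RawSQLUse, simple_code
                 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
         }
 
@@ -459,6 +469,7 @@
         global $wpdb;
         if ( current_user_can( 'manage_options' ) )
                 return; // don't throttle admins
+        // @RawSQLUse, algorithmic
         if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) {
                 $time_lastcomment = mysql2date('U', $lasttime);
                 $time_newcomment  = mysql2date('U', $date);
@@ -592,6 +603,7 @@
         $comtypewhere = ( 'all' != $args['type'] && isset($allowedtypes[$args['type']]) ) ? " AND comment_type = '" . $allowedtypes[$args['type']] . "'" : '';
 
         // Count comments older than this one
+        // @RawSQLUse, algorithmic
         $oldercoms = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(comment_ID) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_parent = 0 AND comment_date_gmt < '%s'" . $comtypewhere, $comment->comment_post_ID, $comment->comment_date_gmt ) );
 
         // No older comments? Then it's page #1.
@@ -692,6 +704,7 @@
         if( $post_id > 0 )
                 $where = $wpdb->prepare( "WHERE comment_post_ID = %d", $post_id );
 
+        // @RawSQLUse, simple_code
         $count = $wpdb->get_results( "SELECT comment_approved, COUNT( * ) AS num_comments FROM {$wpdb->comments} {$where} GROUP BY comment_approved", ARRAY_A );
 
         $total = 0;
@@ -736,6 +749,7 @@
 
         $comment = get_comment($comment_id);
 
+        // @RawSQLUse, trivial_implementation
         if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) )
                 return false;
 
@@ -878,6 +892,7 @@
         if ( ! isset($comment_type) )
                 $comment_type = '';
 
+        // @RawSQLUse, method_exists
         $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments
         (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
         VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)",
@@ -1016,9 +1031,11 @@
 
         switch ( $comment_status ) {
                 case 'hold':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         break;
                 case 'approve':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         if ( get_option('comments_notify') ) {
                                 $comment = get_comment($comment_id);
@@ -1026,6 +1043,7 @@
                         }
                         break;
                 case 'spam':
+                        // @RawSQLUse, simple_code
                         $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
                         break;
                 case 'delete':
@@ -1091,6 +1109,7 @@
         else if ( 'approve' == $comment_approved )
                 $comment_approved = 1;
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET
                         comment_content      = %s,
                         comment_author       = %s,
@@ -1205,7 +1224,9 @@
                 return false;
 
         $old = (int) $post->comment_count;
+        // @RawSQLUse, trivial_implementation
         $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) );
 
         if ( 'page' == $post->post_type )
@@ -1291,18 +1312,23 @@
         global $wpdb;
 
         // Do pingbacks
+        // @RawSQLUse, simple_code
         while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) {
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';");
                 pingback($ping->post_content, $ping->ID);
         }
 
         // Do Enclosures
+        // @RawSQLUse, simple_code
         while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) );
                 do_enclose($enclosure->post_content, $enclosure->ID);
         }
 
         // Do Trackbacks
+        // @RawSQLUse, algorithmic
         $trackbacks = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE to_ping <> '' AND post_status = 'publish'");
         if ( is_array($trackbacks) )
                 foreach ( $trackbacks as $trackback )
@@ -1323,10 +1349,12 @@
 function do_trackbacks($post_id) {
         global $wpdb;
 
+        // @RawSQLUse, trivial_implementation
         $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) );
         $to_ping = get_to_ping($post_id);
         $pinged  = get_pung($post_id);
         if ( empty($to_ping) ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
                 return;
         }
@@ -1348,6 +1376,7 @@
                                 trackback($tb_ping, $post_title, $excerpt, $post_id);
                                 $pinged[] = $tb_ping;
                         } else {
+                                // @RawSQLUse, simple_code
                                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
                         }
                 }
@@ -1501,7 +1530,9 @@
                 return;
 
         $tb_url = addslashes( $trackback_url );
+        // @RawSQLUse, simple_code
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
+        // @RawSQLUse, simple_code
         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
 }
 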
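Review bot: The `simple_code` tag added at new line 90 labels a query that places `$author` and `$email` straight into the SQL text, protected only by the `expected_slashed` convention noted above it, and nothing in the tag tells that apart from the bound queries tagged the same way (for example `get_approved_comments` at new line 115). The same holds for the `{$ping->ID}` DELETE tagged at new line 1317, whose `_encloseme` twin uses `prepare()`, for `'$tb_ping'` and `'$tb_url'` embedded in `prepare()` format strings at new lines 1379, 1533 and 1535, and in wp-includes/functions.php for the `$setting` and `$name` queries tagged at new lines 334, 614 and 619. The categories appear to rate how hard a query is to replace rather than whether its inputs are bound, so I would add a greppable marker, e.g. `// @RawSQLUse, simple_code, interpolated ($author, $email)`. Most of the enclosing functions start or end outside the hunks shown, so how these variables are prepared upstream cannot be confirmed from here.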
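--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -331,6 +331,7 @@
                         if ( defined( 'WP_INSTALLING' ) )
                                 $suppress = $wpdb->suppress_errors();
                         // expected_slashed ($setting)
+                        // @RawSQLUse, simple_code
                         $row = $wpdb->get_row( "SELECT option_value FROM $wpdb->options WHERE option_name = '$setting' LIMIT 1" );
                         if ( defined( 'WP_INSTALLING' ) )
                                 $wpdb->suppress_errors($suppress);
@@ -407,7 +408,9 @@
 function get_alloptions() {
         global $wpdb;
         $show = $wpdb->hide_errors();
+        // @RawSQLUse, trivial_implementation
         if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) )
+                // @RawSQLUse, trivial_implementation
                 $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" );
         $wpdb->show_errors($show);
 
@@ -441,7 +444,9 @@
 
         if ( !$alloptions ) {
                 $suppress = $wpdb->suppress_errors();
+                // @RawSQLUse, trivial_implementation
                 if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) )
+                        // @RawSQLUse, trivial_implementation
                         $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" );
                 $wpdb->suppress_errors($suppress);
                 $alloptions = array();
@@ -514,6 +519,7 @@
                 wp_cache_set( $option_name, $newvalue, 'options' );
         }
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) );
         if ( $wpdb->rows_affected == 1 ) {
                 do_action( "update_option_{$option_name}", $oldvalue, $_newvalue );
@@ -581,6 +587,7 @@
                 wp_cache_set( 'notoptions', $notoptions, 'options' );
         }
 
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) );
 
         do_action( "add_option_{$name}", $name, $value );
@@ -604,10 +611,12 @@
 
         // Get the ID, if no ID then return
         // expected_slashed ($name)
+        // @RawSQLUse, trivial_implementation
         $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" );
         if ( is_null($option) || !$option->option_id )
                 return false;
         // expected_slashed ($name)
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" );
         if ( 'yes' == $option->autoload ) {
                 $alloptions = wp_load_alloptions();
@@ -987,6 +996,7 @@
         }
 
         foreach ( (array) $post_links as $url ) {
+                // @RawSQLUse, algorithmic
                 if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) {
                         if ( $headers = wp_get_http_headers( $url) ) {
                                 $len = (int) $headers['content-length'];
@@ -994,6 +1004,7 @@
                                 $allowed_types = array( 'video', 'audio' );
                                 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
                                         $meta_value = "$url\n$len\n$type\n";
+                                        // @RawSQLUse, method_exists
                                         $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
                                         VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) );
                                 }
@@ -1537,6 +1548,7 @@
                 return true;
 
         $suppress = $wpdb->suppress_errors();
+        // @RawSQLUse, trivial_implementation
         $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" );
         $wpdb->suppress_errors($suppress);
 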
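Review bot: The tags added at new lines 413 and 449 sit between a braceless `if` and the single statement it controls, so the fallback query's binding to the `if` now depends on the reader knowing that a comment does not count as the statement. PHP still parses it as intended, but a later edit that adds a line beside the tag would silently make the second `get_results()` unconditional. I would either brace these branches or fold both tags into one line above the `if`, e.g. `// @RawSQLUse, trivial_implementation (autoload query and its unfiltered fallback)`. The same placement occurs in wp-includes/user.php at new lines 268, 271 and 308.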
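--- a/wp-includes/comment-template.php
+++ b/wp-includes/comment-template.php
@@ -814,10 +814,13 @@
 
         /** @todo Use API instead of SELECTs. */
         if ( $user_ID) {
+                // @RawSQLUse, algorithmic
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) )  ORDER BY comment_date", $post->ID, $user_ID));
         } else if ( empty($comment_author) ) {
+                // @RawSQLUse, simple_code
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID));
         } else {
+                // @RawSQLUse, algorithmic
                 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email));
         }
 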
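--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -108,6 +108,7 @@
         global $wpdb;
         if ( !$user )
                 $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
+                // @RawSQLUse, trivial_implementation
         return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }
 
@@ -123,6 +124,7 @@
 function get_usernumposts($userid) {
         global $wpdb;
         $userid = (int) $userid;
+        // @RawSQLUse, trivial_implementation
         $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
         return apply_filters('get_usernumposts', $count, $userid);
 }
@@ -232,6 +234,7 @@
         global $wpdb, $blog_id;
         if ( empty($id) )
                 $id = (int) $blog_id;
+        // @RawSQLUse, simple_code
         $users = $wpdb->get_results( "SELECT user_id, user_login, display_name, user_email, meta_value FROM $wpdb->users, $wpdb->usermeta WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND meta_key = '" . $wpdb->prefix . "capabilities' ORDER BY {$wpdb->usermeta}.user_id" );
         return $users;
 }
@@ -262,8 +265,10 @@
         $meta_value = trim( $meta_value );
 
         if ( ! empty($meta_value) )
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) );
         else
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 
         wp_cache_delete($user_id, 'users');
@@ -300,8 +305,10 @@
                 if ( false !== $user && isset($user->$meta_key) )
                         $metas = array($user->$meta_key);
                 else
+                        // @RawSQLUse, trivial_implementation
                         $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
         } else {
+                // @RawSQLUse, trivial_implementation
                 $metas = $wpdb->get_col( $wpdb->prepare("SELECT meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
         }
 
@@ -352,12 +359,15 @@
                 return delete_usermeta($user_id, $meta_key);
         }
 
+        // @RawSQLUse, trivial_implementation
         $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
         if ( !$cur ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
                 VALUES
                 ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
         } else if ( $cur->meta_value != $meta_value ) {
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
         } else {
                 return false;
@@ -458,6 +468,7 @@
         $r = wp_parse_args( $args, $defaults );
         extract( $r, EXTR_SKIP );
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT * FROM $wpdb->users";
 
         $query_where = array();
@@ -529,6 +540,7 @@
         global $wpdb;
 
         $show = $wpdb->hide_errors();
+        // @RawSQLUse, trivial_implementation
         $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID));
         $wpdb->show_errors($show);
 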
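Review bot: The tag at new line 111 is indented at the level of the braceless `if ( !$user )` body, directly after `$user = $wpdb->escape($_COOKIE[USER_COOKIE]);`, so it reads as part of that branch although it annotates the `return` on the next line; it should be moved to the `return`'s indent. That query also takes its column list from `$field`, which a `prepare()` placeholder cannot bind, so `trivial_implementation` looks too weak a label; something like `// @RawSQLUse, simple_code ($field is interpolated as a column name)` would flag it for audit. The function's signature is outside the hunk, so whether `$field` is restricted to known column names cannot be seen here.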
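--- a/wp-includes/query.php
+++ b/wp-includes/query.php
@@ -1922,6 +1922,7 @@
                         $taxonomy_field = $item == 'tag_slug__and' ? 'slug' : 'term_id';
 
                         $q[$item] = array_unique($q[$item]);
+                        // @RawSQLUse, algorithmic
                         $tsql = "SELECT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->term_relationships tr ON (p.ID = tr.object_id) INNER JOIN $wpdb->term_taxonomy tt ON (tr.term_taxonomy_id = tt.term_taxonomy_id) INNER JOIN $wpdb->terms t ON (tt.term_id = t.term_id)";
                         $tsql .= " WHERE tt.taxonomy = '$taxonomy' AND t.$taxonomy_field IN ('" . implode("', '", $q[$item]) . "')";
                         $tsql .= " GROUP BY p.ID HAVING count(p.ID) = " . count($q[$item]);
@@ -2186,6 +2187,7 @@
                                 $cgroupby = apply_filters('comment_feed_groupby', $cgroupby);
                         }
 
+                        // @RawSQLUse, algorithmic
                         $this->comments = (array) $wpdb->get_results("SELECT $distinct $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere $cgroupby ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss'));
                         $this->comment_count = count($this->comments);
 
@@ -2242,6 +2244,7 @@
                 if ( !empty($limits) )
                         $found_rows = 'SQL_CALC_FOUND_ROWS';
 
+                // @RawSQLUse, algorithmic
                 $this->request = " SELECT $found_rows $distinct $fields FROM $wpdb->posts $join WHERE 1=1 $where $groupby $orderby $limits";
                 if ( !$q['suppress_filters'] )
                         $this->request = apply_filters('posts_request', $this->request);
@@ -2254,6 +2257,7 @@
                 if ( !empty($this->posts) && $this->is_comment_feed && $this->is_singular ) {
                         $cjoin = apply_filters('comment_feed_join', '');
                         $cwhere = apply_filters('comment_feed_where', "WHERE comment_post_ID = '{$this->posts[0]->ID}' AND comment_approved = '1'");
+                        // @RawSQLUse, algorithmic
                         $comments_request = "SELECT $wpdb->comments.* FROM $wpdb->comments $cjoin $cwhere ORDER BY comment_date_gmt DESC LIMIT " . get_option('posts_per_rss');
                         $this->comments = $wpdb->get_results($comments_request);
                         $this->comment_count = count($this->comments);
@@ -2323,6 +2327,7 @@
                         // Fetch sticky posts that weren't in the query results
                         if ( !empty($sticky_posts) ) {
                                 $stickies__in = implode(',', array_map( 'absint', $sticky_posts ));
+                                // @RawSQLUse, algorithmic
                                 $stickies = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE $wpdb->posts.ID IN ($stickies__in)" );
                                 /** @todo Make sure post is published or viewable by the current user */
                                 foreach ( $stickies as $sticky_post ) {
@@ -2615,6 +2620,7 @@
         if ( is_404() && '' != $wp_query->query_vars['name'] ) :
                 global $wpdb;
 
+                // @RawSQLUse, simple_code
                 $query = "SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value='" . $wp_query->query_vars['name'] . "'";
 
                 // if year, monthnum, or day have been specified, make our query more precise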
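Review bot: The `simple_code` tag at new line 2623 labels a query that concatenates `$wp_query->query_vars['name']` straight into a quoted SQL literal, and nothing in this hunk shows that value being escaped. The annotation scheme cannot tell such string-built queries apart from the `$wpdb->prepare()` calls tagged elsewhere in this patch, so a later migration could treat this one as already safe. I would bind the value, `$query = $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta, $wpdb->posts WHERE ID = post_id AND meta_key = '_wp_old_slug' AND meta_value = %s", $wp_query->query_vars['name']);`, or at least state in the comment where the escaping happens. The same applies to the `IN ('…')` list built with `implode()` at new line 1927; both enclosing functions continue outside their hunks, so sanitising earlier in them cannot be ruled out from here.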
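--- a/wp-includes/bookmark.php
+++ b/wp-includes/bookmark.php
@@ -32,6 +32,7 @@
                 if ( isset($GLOBALS['link']) && ($GLOBALS['link']->link_id == $bookmark) ) {
                         $_bookmark = & $GLOBALS['link'];
                 } elseif ( ! $_bookmark = wp_cache_get($bookmark, 'bookmark') ) {
+                        // @RawSQLUse, simple_code
                         $_bookmark = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->links WHERE link_id = %d LIMIT 1", $bookmark));
                         $_bookmark->link_category = array_unique( wp_get_object_terms($_bookmark->link_id, 'link_category', 'fields=ids') );
                         wp_cache_add($_bookmark->link_id, $_bookmark, 'bookmark');
@@ -241,6 +242,7 @@
         if ( $hide_invisible )
                 $visible = "AND link_visible = 'Y'";
 
+        // @RawSQLUse, algorithmic
         $query = "SELECT * $length $recently_updated_test $get_updated FROM $wpdb->links $join WHERE 1=1 $visible $category_query";
         $query .= " $exclusions $inclusions $search";
         $query .= " ORDER BY $orderby $order";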
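--- a/wp-includes/link-template.php
+++ b/wp-includes/link-template.php
@@ -900,6 +900,7 @@
         $where = apply_filters( "get_{$adjacent}_post_where", $wpdb->prepare("WHERE p.post_date $op %s AND p.post_type = 'post' AND p.post_status = 'publish' $posts_in_ex_cats_sql", $current_post_date), $in_same_cat, $excluded_categories );
         $sort  = apply_filters( "get_{$adjacent}_post_sort", "ORDER BY p.post_date $order LIMIT 1" );
 
+        // @RawSQLUse, algorithmic
         return $wpdb->get_row("SELECT p.* FROM $wpdb->posts AS p $join $where $sort");
 }
 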
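--- a/wp-includes/author-template.php
+++ b/wp-includes/author-template.php
@@ -472,9 +472,11 @@
         $return = '';
 
         /** @todo Move select to get_authors(). */
+        // @RawSQLUse, algorithmic
         $authors = $wpdb->get_results("SELECT ID, user_nicename from $wpdb->users " . ($exclude_admin ? "WHERE user_login <> 'admin' " : '') . "ORDER BY display_name");
 
         $author_count = array();
+        // @RawSQLUse, simple_code
         foreach ((array) $wpdb->get_results("SELECT DISTINCT post_author, COUNT(ID) AS count FROM $wpdb->posts WHERE post_type = 'post' AND " . get_private_posts_cap_sql( 'post' ) . " GROUP BY post_author") as $row) {
                 $author_count[$row->post_author] = $row->count;
         }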
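--- a/wp-includes/rewrite.php
+++ b/wp-includes/rewrite.php
@@ -782,6 +782,7 @@
                 global $wpdb;
 
                 //get pages in order of hierarchy, i.e. children after parents
+                // @RawSQLUse, trivial_implementation
                 $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'"));
                 //now reverse it, because we need parents after children for rewrite rules to work properly
                 $posts = array_reverse($posts, true);
@@ -795,6 +796,7 @@
                 foreach ($posts as $id => $post) {
                         // URL => page name
                         $uri = get_page_uri($id);
+                        // @RawSQLUse, trivial_implementation
                         $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id ));
                         if ( $attachments ) {
                                 foreach ( $attachments as $attachment ) {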
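--- a/wp-includes/general-template.php
+++ b/wp-includes/general-template.php
@@ -422,6 +422,7 @@
         }
         if ( !empty($author_name) ) {
                 // We do a direct query here because we don't cache by nicename.
+                // @RawSQLUse, trivial_implementation
                 $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name));
         }
 
@@ -510,6 +511,7 @@
 
         if ( intval($p) || '' != $name ) {
                 if ( !$p )
+                // @RawSQLUse, trivial_implementation
                         $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name));
                 $post = & get_post($p);
                 $title = $post->post_title;
@@ -760,6 +762,7 @@
         $output = '';
 
         if ( 'monthly' == $type ) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -781,6 +784,7 @@
                         }
                 }
         } elseif ('yearly' == $type) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -802,6 +806,7 @@
                         }
                 }
         } elseif ( 'daily' == $type ) {
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT YEAR(post_date) AS `year`, MONTH(post_date) AS `month`, DAYOFMONTH(post_date) AS `dayofmonth`, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY YEAR(post_date), MONTH(post_date), DAYOFMONTH(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -825,6 +830,7 @@
                 }
         } elseif ( 'weekly' == $type ) {
                 $start_of_week = get_option('start_of_week');
+                // @RawSQLUse, simple_code
                 $query = "SELECT DISTINCT WEEK(post_date, $start_of_week) AS `week`, YEAR(post_date) AS yr, DATE_FORMAT(post_date, '%Y-%m-%d') AS yyyymmdd, count(ID) as posts FROM $wpdb->posts $join $where GROUP BY WEEK(post_date, $start_of_week), YEAR(post_date) ORDER BY post_date DESC $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -855,6 +861,7 @@
                 }
         } elseif ( ( 'postbypost' == $type ) || ('alpha' == $type) ) {
                 $orderby = ('alpha' == $type) ? "post_title ASC " : "post_date DESC ";
+                // @RawSQLUse, algorithmic
                 $query = "SELECT * FROM $wpdb->posts $join $where ORDER BY $orderby $limit";
                 $key = md5($query);
                 $cache = wp_cache_get( 'wp_get_archives' , 'general');
@@ -927,6 +934,7 @@
         ob_start();
         // Quick check. If we have no posts at all, abort!
         if ( !$posts ) {
+                // @RawSQLUse, simple_code
                 $gotsome = $wpdb->get_var("SELECT ID from $wpdb->posts WHERE post_type = 'post' AND post_status = 'publish' ORDER BY post_date DESC LIMIT 1");
                 if ( !$gotsome )
                         return;
@@ -946,6 +954,7 @@
                 // We need to get the month from MySQL
                 $thisyear = ''.intval(substr($m, 0, 4));
                 $d = (($w - 1) * 7) + 6; //it seems MySQL's weeks disagree with PHP's
+                // @RawSQLUse, simple_code
                 $thismonth = $wpdb->get_var("SELECT DATE_FORMAT((DATE_ADD('${thisyear}0101', INTERVAL $d DAY) ), '%m')");
         } elseif ( !empty($m) ) {
                 $thisyear = ''.intval(substr($m, 0, 4));
@@ -961,12 +970,14 @@
         $unixmonth = mktime(0, 0 , 0, $thismonth, 1, $thisyear);
 
         // Get the next and previous month and year with at least one post
+        // @RawSQLUse, algorithmic
         $previous = $wpdb->get_row("SELECT DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
                 FROM $wpdb->posts
                 WHERE post_date < '$thisyear-$thismonth-01'
                 AND post_type = 'post' AND post_status = 'publish'
                         ORDER BY post_date DESC
                         LIMIT 1");
+        // @RawSQLUse, algorithmic
         $next = $wpdb->get_row("SELECT  DISTINCT MONTH(post_date) AS month, YEAR(post_date) AS year
                 FROM $wpdb->posts
                 WHERE post_date >       '$thisyear-$thismonth-01'
@@ -1024,6 +1035,7 @@
         <tr>';
 
         // Get days with posts
+        // @RawSQLUse, algorithmic
         $dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
                 FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
                 AND YEAR(post_date) = '$thisyear'
@@ -1043,6 +1055,7 @@
                 $ak_title_separator = ', ';
 
         $ak_titles_for_day = array();
+        // @RawSQLUse, algorithmic
         $ak_post_titles = $wpdb->get_results("SELECT post_title, DAYOFMONTH(post_date) as dom "
                 ."FROM $wpdb->posts "
                 ."WHERE YEAR(post_date) = '$thisyear' "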
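Review bot: The annotation at new line 514 is inserted between the unbraced `if ( !$p )` and the single statement it guards, at the `if`'s own indent, so the assignment below it now reads as if it were unconditional. PHP ignores the comment and behaviour is unchanged, but a statement added under the comment later would become the guarded body instead of the query. Moving the comment above the `if` (`// @RawSQLUse, trivial_implementation` followed by `if ( !$p )`) or bracing the body avoids that. The same placement between an unbraced condition and its body occurs in wp-includes/deprecated.php (new line 1123) and wp-admin/includes/post.php (new lines 421 and 425).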
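--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -68,6 +68,7 @@
 
         if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) {
 
+                // @RawSQLUse, trivial_implementation
                 $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) );
 
                 if ( isset($vars[0]) && $vars = $vars[0] ) {
@@ -328,6 +329,7 @@
         if ( get_query_var('day') )
                 $where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day'));
 
+        // @RawSQLUse, algorithmic
         $post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'");
         if ( !$post_id )
                 return false;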
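--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -1120,6 +1120,7 @@
         _deprecated_function(__FUNCTION__, '0.0' );
 
         if ( $count )
+                // @RawSQLUse, trivial_implementation
                 $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links");
 
         $javascript = "<a href=\"#\" onclick=\"javascript:window.open('$file?popup=1', '_blank', 'width=$width,height=$height,scrollbars=yes,status=no'); return false\">";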
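--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -130,6 +130,7 @@
         if ( $user )
                 return $user;
 
+        // @RawSQLUse, simple_code
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
                 return false;
 
@@ -164,6 +165,7 @@
         if ( false !== $user )
                 return $user;
 
+        // @RawSQLUse, trivial_implementation
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) )
                 return false;
 
@@ -194,6 +196,7 @@
         if ( false !== $user )
                 return $user;
 
+        // @RawSQLUse, trivial_implementation
         if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) )
                 return false;
 
@@ -1002,10 +1005,13 @@
         if( get_option( "moderation_notify" ) == 0 )
                 return true;
 
+        // @RawSQLUse, simple_code
         $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
+        // @RawSQLUse, simple_code
         $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
 
         $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);
+        // @RawSQLUse, simple_code
         $comments_waiting = $wpdb->get_var("SELECT count(comment_ID) FROM $wpdb->comments WHERE comment_approved = '0'");
 
         switch ($comment->comment_type)
@@ -1455,6 +1461,7 @@
         global $wpdb;
 
         $hash = wp_hash_password($password);
+        // @RawSQLUse, method_exists
         $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
         $wpdb->query($query);
         wp_cache_delete($user_id, 'users');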
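--- a/wp-includes/widgets.php
+++ b/wp-includes/widgets.php
@@ -1390,6 +1390,7 @@
                 $number = 15;
 
         if ( !$comments = wp_cache_get( 'recent_comments', 'widget' ) ) {
+                // @RawSQLUse, simple_code
                 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT $number");
                 wp_cache_add( 'recent_comments', $comments, 'widget' );
         }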
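Review bot: `LIMIT $number` at new line 1394 interpolates the widget's count into the query, and the hunk shows only the tail of a clamp (`$number = 15;`), not an integer cast. If `$number` is read from stored widget options it should be bound as an integer, `$wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT %d", $number)`. The enclosing function starts outside the hunk, so a cast may already exist above; if it does, the annotation could say so.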
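--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -715,8 +715,10 @@
                 $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts';
 
                 // shouldn't these be using get_option() ?
+                // @RawSQLUse, trivial_implementation
                 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) )
                         add_option($cache_option, '', '', 'no');
+                // @RawSQLUse, trivial_implementation
                 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) )
                         add_option($cache_timestamp, '', '', 'no');
 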
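--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -765,6 +765,7 @@
                 do_action('xmlrpc_call', 'wp.getPageList');
 
                 // Get list of pages ids and titles
+                // @RawSQLUse, simple_code
                 $page_list = $wpdb->get_results("
                         SELECT ID page_id,
                                 post_title page_title,
@@ -2273,10 +2274,12 @@
                 global $wpdb;
 
                 // find any unattached files
+                // @RawSQLUse, trivial_implementation
                 $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" );
                 if( is_array( $attachments ) ) {
                         foreach( $attachments as $file ) {
                                 if( strpos( $post_content, $file->guid ) !== false ) {
+                                        // @RawSQLUse, method_exists
                                         $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
                                 }
                         }
@@ -2852,6 +2855,7 @@
 
                 if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) {
                         // Get postmeta info on the object.
+                        // @RawSQLUse, trivial_implementation
                         $old_file = $wpdb->get_row("
                                 SELECT ID
                                 FROM {$wpdb->posts}
@@ -3126,6 +3130,7 @@
                         return new IXR_Error(404, __('Sorry, no such post.'));
                 }
 
+                // @RawSQLUse, trivial_implementation
                 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
                 if (!$comments) {
@@ -3250,6 +3255,7 @@
                         } elseif (is_string($urltest['fragment'])) {
                                 // ...or a string #title, a little more complicated
                                 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
+                                // @RawSQLUse, trivial_implementation
                                 $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
                                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                                         // returning unknown error '0' is better than die()ing
@@ -3279,6 +3285,7 @@
                         return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
 
                 // Let's check that the remote site didn't already pingback this entry
+                // @RawSQLUse, trivial_implementation
                 $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) );
 
                 if ( $wpdb->num_rows ) // We already have a Pingback from this URL
@@ -3394,6 +3401,7 @@
                         return new IXR_Error(32, __('The specified target URL does not exist.'));
                 }
 
+                // @RawSQLUse, trivial_implementation
                 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
                 if (!$comments) {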
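Review bot: `trivial_implementation` at new line 3258 undersells the query below it: `RLIKE` is an unanchored regular-expression match, and the preceding `preg_replace()` turns every non-alphanumeric character of the URL fragment into `.`, which matches any character. The lookup can therefore select a post whose title merely contains a matching run, and `get_var()` takes whichever row is returned first. I would tag it `algorithmic` and add a comment that the match is deliberately fuzzy, or anchor the pattern with `'^' . $title . '$'` if an exact title is what is intended. The enclosing method continues outside the hunk.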
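--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -97,6 +97,7 @@
         $comment_content = "<strong>$title</strong>\n\n$excerpt";
         $comment_type = 'trackback';
 
+        // @RawSQLUse, trivial_implementation
         $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
         if ( $dupe )
                 trackback_response(1, 'We already have a ping from that URL for this post.');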
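--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -18,6 +18,7 @@
 if ( !get_option('use_linksupdate') )
         wp_die(__('Feature disabled.'));
 
+// @RawSQLUse, trivial_implementation
 $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links");
 
 if ( !$link_uris )
@@ -50,6 +51,7 @@
 foreach ($returns as $return) :
         $time = substr($return, 0, 19);
         $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return);
+        // @RawSQLUse, method_exists
         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) );
 endforeach;
 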
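--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -153,6 +153,7 @@
                         $go_delete = true;
                 }
         }
+        // @RawSQLUse, simple_code
         $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login");
         $user_dropdown = '<select name="reassign_user">';
         foreach ( (array) $all_logins as $login )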
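--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -19,6 +19,7 @@
 
         $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
         if ( current_user_can('moderate_comments')) {
+        // @RawSQLUse, algorithmic
                 $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
         } else {
                 $deleted_spam = 0;
@@ -34,6 +35,7 @@
         $deleted = $approved = $unapproved = $spammed = 0;
         foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each
                 $comment_id = (int) $comment_id;
+                // @RawSQLUse, trivial_implementation
                 $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) );
 
                 if ( !current_user_can('edit_post', $_post_id) )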
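--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -59,6 +59,7 @@
         if ( strlen( $s ) < 2 )
                 die; // require 2 chars for matching
 
+    // @RawSQLUse, algorithmic
         $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
 
         echo join( $results, "\n" );
@@ -606,6 +607,7 @@
         if ( !current_user_can( 'edit_post', $comment_post_ID ) )
                 die('-1');
 
+        // @RawSQLUse, trivial_implementation
         $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
         if ( empty($status) )
@@ -1085,6 +1087,7 @@
         if ( count($search_terms) > 1 && $search_terms[0] != $s )
                 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
 
+        // @RawSQLUse, simple_code
         $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
 
         if ( ! $posts )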
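Review bot: The query at new line 63 places `$s` and `$taxonomy` inside quoted literals by string interpolation, and the hunk shows only a length check on `$s` before it, not any escaping. The `algorithmic` tag records that the query is hard to wrap but not that it depends on escaping done elsewhere, and `%` or `_` in `$s` also act as LIKE wildcards. I would bind both values, `$wpdb->prepare( "… WHERE tt.taxonomy = %s AND t.name LIKE %s", $taxonomy, '%' . like_escape( $s ) . '%' )`, after confirming whether `$s` is still slashed request data at that point. The search query at new line 1091 interpolates `$what` and `{$term}` the same way; both enclosing handlers start outside their hunks.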
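--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -83,6 +83,7 @@
 
         wp_delete_object_term_relationships( $link_id, 'link_category' );
 
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->links WHERE link_id = %d", $link_id ) );
 
         do_action( 'deleted_link', $link_id );
@@ -186,6 +187,7 @@
         }
 
         if ( $update ) {
+                // @RawSQLUse, method_exists
                 if ( false === $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_url = %s,
                         link_name = %s, link_image = %s, link_target = %s,
                         link_visible = %s, link_description = %s, link_rating = %s,
@@ -197,6 +199,7 @@
                                 return 0;
                 }
         } else {
+                // @RawSQLUse, method_exists
                 if ( false === $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                 $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss ) ) ) {
                         if ( $wp_error )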
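--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -257,6 +257,7 @@
         }
 
         if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
+                // @RawSQLUse, trivial_implementation
                 $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
                 $children = array();
 
@@ -417,9 +418,11 @@
                 $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
 
         if (!empty ($title))
+                // @RawSQLUse, trivial_implementation
                 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
         else
                 if (!empty ($content))
+                        // @RawSQLUse, trivial_implementation
                         return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
 
         return 0;
@@ -566,6 +569,7 @@
 
                 wp_cache_delete($post_ID, 'post_meta');
 
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) );
                 return $wpdb->insert_id;
         }
@@ -584,9 +588,11 @@
         global $wpdb;
         $mid = (int) $mid;
 
+        // @RawSQLUse, trivial_implementation
         $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
         wp_cache_delete($post_id, 'post_meta');
 
+        // @RawSQLUse, trivial_implementation
         return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 }
 
@@ -600,6 +606,7 @@
 function get_meta_keys() {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         $keys = $wpdb->get_col( "
                         SELECT meta_key
                         FROM $wpdb->postmeta
@@ -621,6 +628,7 @@
         global $wpdb;
         $mid = (int) $mid;
 
+        // @RawSQLUse, trivial_implementation
         $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
         if ( is_serialized_string( $meta->meta_value ) )
                 $meta->meta_value = maybe_unserialize( $meta->meta_value );
@@ -640,6 +648,7 @@
 function has_meta( $postid ) {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
                         FROM $wpdb->postmeta WHERE post_id = %d
                         ORDER BY meta_key,meta_id", $postid), ARRAY_A );
@@ -664,6 +673,7 @@
         if ( in_array($meta_key, $protected) )
                 return false;
 
+        // @RawSQLUse, trivial_implementation
         $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) );
         wp_cache_delete($post_id, 'post_meta');
 
@@ -743,6 +753,7 @@
         global $wpdb;
         $old_ID = (int) $old_ID;
         $new_ID = (int) $new_ID;
+        // @RawSQLUse, method_exists
         return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
 }
 
@@ -818,6 +829,7 @@
 function get_available_post_mime_types($type = 'attachment') {
         global $wpdb;
 
+        // @RawSQLUse, simple_code
         $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
         return $types;
 }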
  • wp-admin/includes/upgrade.php

     
    9595        // Default category 
    9696        $cat_name = $wpdb->escape(__('Uncategorized')); 
    9797        $cat_slug = sanitize_title(_c('Uncategorized|Default category slug')); 
     98        // @RawSQLUse, method_exists 
    9899        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 
     100        // @RawSQLUse, method_exists 
    99101        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')"); 
    100102 
    101103        // Default link category 
    102104        $cat_name = $wpdb->escape(__('Blogroll')); 
    103105        $cat_slug = sanitize_title(_c('Blogroll|Default link category slug')); 
     106        // @RawSQLUse, method_exists 
    104107        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 
     108        // @RawSQLUse, method_exists 
    105109        $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')"); 
    106110 
    107111        // Now drop in some default links 
     112        // @RawSQLUse, method_exists 
    108113        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');"); 
     114        // @RawSQLUse, method_exists 
    109115        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" ); 
    110116 
     117        // @RawSQLUse, method_exists 
    111118        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');"); 
     119        // @RawSQLUse, method_exists 
    112120        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" ); 
    113121 
     122        // @RawSQLUse, method_exists 
    114123        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest Ideas', 0, '', '');"); 
     124        // @RawSQLUse, method_exists 
    115125        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" ); 
    116126 
     127        // @RawSQLUse, method_exists 
    117128        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');"); 
     129        // @RawSQLUse, method_exists 
    118130        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" ); 
    119131 
     132        // @RawSQLUse, method_exists 
    120133        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');"); 
     134        // @RawSQLUse, method_exists 
    121135        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" ); 
    122136 
     137        // @RawSQLUse, method_exists 
    123138        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');"); 
     139        // @RawSQLUse, method_exists 
    124140        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" ); 
    125141 
     142        // @RawSQLUse, method_exists 
    126143        $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');"); 
     144        // @RawSQLUse, method_exists 
    127145        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" ); 
    128146 
    129147        // First post 
    130148        $now = date('Y-m-d H:i:s'); 
    131149        $now_gmt = gmdate('Y-m-d H:i:s'); 
    132150        $first_post_guid = get_option('home') . '/?p=1'; 
     151        // @RawSQLUse, method_exists 
    133152        $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')"); 
     153        // @RawSQLUse, method_exists 
    134154        $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" ); 
    135155 
    136156        // Default comment 
     157        // @RawSQLUse, method_exists 
    137158        $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post&#039;s comments. There you will have the option to edit or delete them.'))."')"); 
    138159 
    139160        // First Page 
    140161        $first_post_guid = get_option('home') . '/?page_id=2'; 
     162        // @RawSQLUse, method_exists 
    141163        $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')"); 
    142164} 
    143165endif; 
     
    292314        global $wpdb; 
    293315 
    294316        // Get the title and ID of every post, post_name to check if it already has a value 
     317        // @RawSQLUse, trivial_implementation 
    295318        $posts = $wpdb->get_results("SELECT ID, post_title, post_name FROM $wpdb->posts WHERE post_name = ''"); 
    296319        if ($posts) { 
    297320                foreach($posts as $post) { 
    298321                        if ('' == $post->post_name) { 
    299322                                $newtitle = sanitize_title($post->post_title); 
     323                                // @RawSQLUse, method_exists 
    300324                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); 
    301325                        } 
    302326                } 
    303327        } 
    304328 
     329        // @RawSQLUse, trivial_implementation 
    305330        $categories = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename FROM $wpdb->categories"); 
    306331        foreach ($categories as $category) { 
    307332                if ('' == $category->category_nicename) { 
    308333                        $newtitle = sanitize_title($category->cat_name); 
     334                        // @RawSQLUse, method_exists 
    309335                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); 
    310336                } 
    311337        } 
    312338 
     339        // @RawSQLUse, algorithmic 
    313340        $wpdb->query("UPDATE $wpdb->options SET option_value = REPLACE(option_value, 'wp-links/links-images/', 'wp-images/links/') 
    314341        WHERE option_name LIKE 'links_rating_image%' 
    315342        AND option_value LIKE 'wp-links/links-images/%'"); 
    316343 
     344        // @RawSQLUse, simple_code 
    317345        $done_ids = $wpdb->get_results("SELECT DISTINCT post_id FROM $wpdb->post2cat"); 
    318346        if ($done_ids) : 
    319347                foreach ($done_ids as $done_id) : 
     
    324352                $catwhere = ''; 
    325353        endif; 
    326354 
     355        // @RawSQLUse, trivial_implementation 
    327356        $allposts = $wpdb->get_results("SELECT ID, post_category FROM $wpdb->posts WHERE post_category != '0' $catwhere"); 
    328357        if ($allposts) : 
    329358                foreach ($allposts as $post) { 
    330359                        // Check to see if it's already been imported 
     360                        // @RawSQLUse, trivial_implementation 
    331361                        $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); 
    332362                        if (!$cat && 0 != $post->post_category) { // If there's no result 
     363                                // @RawSQLUse, method_exists 
    333364                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat 
    334365                                        (post_id, category_id) 
    335366                                        VALUES (%s, %s) 
     
    366397        global $wpdb; 
    367398 
    368399        // Set user_nicename. 
     400        // @RawSQLUse, trivial_implementation 
    369401        $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users"); 
    370402        foreach ($users as $user) { 
    371403                if ('' == $user->user_nicename) { 
    372404                        $newname = sanitize_title($user->user_nickname); 
     405                        // @RawSQLUse, method_exists 
    373406                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); 
    374407                } 
    375408        } 
    376409 
     410        // @RawSQLUse, trivial_implementation 
    377411        $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users"); 
    378412        foreach ($users as $row) { 
    379413                if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) { 
     414                        // @RawSQLUse, method_exists 
    380415                        $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\''); 
    381416                } 
    382417        } 
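Review bot: The `method_exists` tag added above the `user_pass` UPDATE in the second loop leaves out the fact that matters most for this statement: it is built by string concatenation, with `$row->user_pass` and `$row->ID` placed between quotes without `$wpdb->prepare()` or escaping, whereas the `user_nicename` UPDATE a few lines earlier carries the same tag but is prepared. Both values are read back from the users table, so stored data is re-interpolated into SQL, and anyone grepping for the annotation cannot tell the two cases apart. I would record this in the comment itself, e.g. `// @RawSQLUse, method_exists (unprepared: values concatenated into the statement)`. The same applies to the interpolated UPDATEs in the backslash-cleanup hunk further down and to `DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)`. The enclosing function starts and ends outside this hunk.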
     
    401436        // Check if we already set the GMT fields (if we did, then 
    402437        // MAX(post_date_gmt) can't be '0000-00-00 00:00:00' 
    403438        // <michel_v> I just slapped myself silly for not thinking about it earlier 
     439        // @RawSQLUse, simple_code 
    404440        $got_gmt_fields = ($wpdb->get_var("SELECT MAX(post_date_gmt) FROM $wpdb->posts") == '0000-00-00 00:00:00') ? false : true; 
    405441 
    406442        if (!$got_gmt_fields) { 
     
    408444                // Add or substract time to all dates, to get GMT dates 
    409445                $add_hours = intval($diff_gmt_weblogger); 
    410446                $add_minutes = intval(60 * ($diff_gmt_weblogger - $add_hours)); 
     447                // @RawSQLUse, simple_code 
    411448                $wpdb->query("UPDATE $wpdb->posts SET post_date_gmt = DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 
     449                // @RawSQLUse, simple_code 
    412450                $wpdb->query("UPDATE $wpdb->posts SET post_modified = post_date"); 
     451                // @RawSQLUse, simple_code 
    413452                $wpdb->query("UPDATE $wpdb->posts SET post_modified_gmt = DATE_ADD(post_modified, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE) WHERE post_modified != '0000-00-00 00:00:00'"); 
     453                // @RawSQLUse, simple_code 
    414454                $wpdb->query("UPDATE $wpdb->comments SET comment_date_gmt = DATE_ADD(comment_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 
     455                // @RawSQLUse, simple_code 
    415456                $wpdb->query("UPDATE $wpdb->users SET user_registered = DATE_ADD(user_registered, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)"); 
    416457        } 
    417458 
     
    426467        global $wpdb; 
    427468 
    428469        // Remove extraneous backslashes. 
     470        // @RawSQLUse, trivial_implementation 
    429471        $posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt, guid, post_date, post_name, post_status, post_author FROM $wpdb->posts"); 
    430472        if ($posts) { 
    431473                foreach($posts as $post) { 
     
    436478                                $guid = get_permalink($post->ID); 
    437479                        else 
    438480                                $guid = $post->guid; 
    439  
     481                        // @RawSQLUse, method_exists 
    440482                        $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'"); 
    441483                } 
    442484        } 
    443485 
    444486        // Remove extraneous backslashes. 
     487        // @RawSQLUse, trivial_implementation 
    445488        $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments"); 
    446489        if ($comments) { 
    447490                foreach($comments as $comment) { 
    448491                        $comment_content = addslashes(deslash($comment->comment_content)); 
    449492                        $comment_author = addslashes(deslash($comment->comment_author)); 
     493                        // @RawSQLUse, method_exists 
    450494                        $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'"); 
    451495                } 
    452496        } 
    453497 
    454498        // Remove extraneous backslashes. 
     499        // @RawSQLUse, trivial_implementation 
    455500        $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links"); 
    456501        if ($links) { 
    457502                foreach($links as $link) { 
    458503                        $link_name = addslashes(deslash($link->link_name)); 
    459504                        $link_description = addslashes(deslash($link->link_description)); 
     505                        // @RawSQLUse, method_exists 
    460506                        $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'"); 
    461507                } 
    462508        } 
    463509 
    464510        // The "paged" option for what_to_show is no more. 
     511        // @RawSQLUse, trivial_implementation 
    465512        if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') { 
     513                // @RawSQLUse, method_exists 
    466514                $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'"); 
    467515        } 
    468516 
     
    476524        } 
    477525 
    478526        // Obsolete tables 
     527        // @RawSQLUse, trivial_implementation 
    479528        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optionvalues'); 
     529        // @RawSQLUse, trivial_implementation 
    480530        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiontypes'); 
     531        // @RawSQLUse, trivial_implementation 
    481532        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroups'); 
     533        // @RawSQLUse, trivial_implementation 
    482534        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroup_options'); 
    483535 
    484536        // Update comments table to use comment_type 
     537        // @RawSQLUse, simple_code 
    485538        $wpdb->query("UPDATE $wpdb->comments SET comment_type='trackback', comment_content = REPLACE(comment_content, '<trackback />', '') WHERE comment_content LIKE '<trackback />%'"); 
     539        // @RawSQLUse, simple_code 
    486540        $wpdb->query("UPDATE $wpdb->comments SET comment_type='pingback', comment_content = REPLACE(comment_content, '<pingback />', '') WHERE comment_content LIKE '<pingback />%'"); 
    487541 
    488542        // Some versions have multiple duplicate option_name rows with the same values 
     543        // @RawSQLUse, simple_code 
    489544        $options = $wpdb->get_results("SELECT option_name, COUNT(option_name) AS dupes FROM `$wpdb->options` GROUP BY option_name"); 
    490545        foreach ( $options as $option ) { 
    491546                if ( 1 != $option->dupes ) { // Could this be done in the query? 
    492547                        $limit = $option->dupes - 1; 
     548                        // @RawSQLUse, simple_code 
    493549                        $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) ); 
    494550                        $dupe_ids = join($dupe_ids, ','); 
     551                        // @RawSQLUse, algorithmic 
    495552                        $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)"); 
    496553                } 
    497554        } 
     
    509566 
    510567        populate_roles_160(); 
    511568 
     569        // @RawSQLUse, method_exists 
    512570        $users = $wpdb->get_results("SELECT * FROM $wpdb->users"); 
    513571        foreach ( $users as $user ) : 
    514572                if ( !empty( $user->user_firstname ) ) 
     
    539597                        if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; 
    540598                        if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; 
    541599                        if (!$idmode) $id = $user->user_nickname; 
     600                        // @RawSQLUse, method_exists 
    542601                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); 
    543602                endif; 
    544603 
     
    554613        $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' ); 
    555614        $wpdb->hide_errors(); 
    556615        foreach ( $old_user_fields as $old ) 
     616                // @RawSQLUse, trivial_implementation 
    557617                $wpdb->query("ALTER TABLE $wpdb->users DROP $old"); 
    558618        $wpdb->show_errors(); 
    559619 
    560620        // populate comment_count field of posts table 
     621        // @RawSQLUse, simple_code 
    561622        $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); 
    562623        if( is_array( $comments ) ) { 
    563624                foreach ($comments as $comment) { 
     625                        // @RawSQLUse, method_exists 
    564626                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); 
    565627                } 
    566628        } 
     
    568630        // Some alpha versions used a post status of object instead of attachment and put 
    569631        // the mime type in post_type instead of post_mime_type. 
    570632        if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { 
     633                // @RawSQLUse, trivial_implementation 
    571634                $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); 
    572635                foreach ($objects as $object) { 
     636                        // @RawSQLUse, method_exists 
    573637                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', 
    574638                        post_mime_type = %s, 
    575639                        post_type = '' 
     
    592656 
    593657        if ( $wp_current_db_version < 3506 ) { 
    594658                // Update status and type. 
     659                // @RawSQLUse, trivial_implementation 
    595660                $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); 
    596661 
    597662                if ( ! empty($posts) ) foreach ($posts as $post) { 
     
    605670                                $status = 'inherit'; 
    606671                                $type = 'attachment'; 
    607672                        } 
    608  
     673                        // @RawSQLUse, method_exists 
    609674                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); 
    610675                } 
    611676        } 
     
    617682        if ( $wp_current_db_version < 3531 ) { 
    618683                // Give future posts a post_status of future. 
    619684                $now = gmdate('Y-m-d H:i:59'); 
     685                // @RawSQLUse, method_exists 
    620686                $wpdb->query ("UPDATE $wpdb->posts SET post_status = 'future' WHERE post_status = 'publish' AND post_date_gmt > '$now'"); 
    621687 
     688                // @RawSQLUse, method_exists 
    622689                $posts = $wpdb->get_results("SELECT ID, post_date FROM $wpdb->posts WHERE post_status ='future'"); 
    623690                if ( !empty($posts) ) 
    624691                        foreach ( $posts as $post ) 
     
    641708        // Convert categories to terms. 
    642709        $tt_ids = array(); 
    643710        $have_tags = false; 
     711        // @RawSQLUse, simple_code 
    644712        $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID"); 
    645713        foreach ($categories as $category) { 
    646714                $term_id = (int) $category->cat_ID; 
     
    651719                $term_group = 0; 
    652720 
    653721                // Associate terms with the same slug in a term group and make slugs unique. 
     722                // @RawSQLUse, trivial_implementation 
    654723                if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 
    655724                        $term_group = $exists[0]->term_group; 
    656725                        $id = $exists[0]->term_id; 
     
    658727                        do { 
    659728                                $alt_slug = $slug . "-$num"; 
    660729                                $num++; 
     730                                // @RawSQLUse, trivial_implementation 
    661731                                $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); 
    662732                        } while ( $slug_check ); 
    663733 
    664734                        $slug = $alt_slug; 
    665735 
    666736                        if ( empty( $term_group ) ) { 
     737                                // @RawSQLUse, simple_code 
    667738                                $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; 
     739                                // @RawSQLUse, method_exists 
    668740                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); 
    669741                        } 
    670742                } 
    671  
     743                // @RawSQLUse, method_exists 
    672744                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES 
    673745                (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); 
    674746 
     
    676748                if ( !empty($category->category_count) ) { 
    677749                        $count = (int) $category->category_count; 
    678750                        $taxonomy = 'category'; 
     751                        // @RawSQLUse, method_exists 
    679752                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 
    680753                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 
    681754                } 
     
    683756                if ( !empty($category->link_count) ) { 
    684757                        $count = (int) $category->link_count; 
    685758                        $taxonomy = 'link_category'; 
     759                        // @RawSQLUse, method_exists 
    686760                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 
    687761                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 
    688762                } 
     
    691765                        $have_tags = true; 
    692766                        $count = (int) $category->tag_count; 
    693767                        $taxonomy = 'post_tag'; 
     768                        // @RawSQLUse, method_exists 
    694769                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 
    695770                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 
    696771                } 
     
    698773                if ( empty($count) ) { 
    699774                        $count = 0; 
    700775                        $taxonomy = 'category'; 
     776                        // @RawSQLUse, method_exists 
    701777                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 
    702778                        $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 
    703779                } 
     
    707783        if ( $have_tags ) 
    708784                $select .= ', rel_type'; 
    709785 
     786        // @RawSQLUse, simple_code 
    710787        $posts = $wpdb->get_results("SELECT $select FROM $wpdb->post2cat GROUP BY post_id, category_id"); 
    711788        foreach ( $posts as $post ) { 
    712789                $post_id = (int) $post->post_id; 
     
    717794                $tt_id = $tt_ids[$term_id][$taxonomy]; 
    718795                if ( empty($tt_id) ) 
    719796                        continue; 
    720  
     797                 
     798                // @RawSQLUse, method_exists 
    721799                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); 
    722800        } 
    723801 
     
    728806                $link_cat_id_map = array(); 
    729807                $default_link_cat = 0; 
    730808                $tt_ids = array(); 
     809                // @RawSQLUse, trivial_implementation 
    731810                $link_cats = $wpdb->get_results("SELECT cat_id, cat_name FROM " . $wpdb->prefix . 'linkcategories'); 
    732811                foreach ( $link_cats as $category) { 
    733812                        $cat_id = (int) $category->cat_id; 
     
    737816                        $term_group = 0; 
    738817 
    739818                        // Associate terms with the same slug in a term group and make slugs unique. 
     819                        // @RawSQLUse, trivial_implementation 
    740820                        if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 
    741821                                $term_group = $exists[0]->term_group; 
    742822                                $term_id = $exists[0]->term_id; 
    743823                        } 
    744824 
    745825                        if ( empty($term_id) ) { 
     826                                // @RawSQLUse, method_exists 
    746827                                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); 
    747828                                $term_id = (int) $wpdb->insert_id; 
    748829                        } 
    749830 
    750831                        $link_cat_id_map[$cat_id] = $term_id; 
    751832                        $default_link_cat = $term_id; 
    752  
     833                         
     834                        // @RawSQLUse, method_exists                     
    753835                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); 
    754836                        $tt_ids[$term_id] = (int) $wpdb->insert_id; 
    755837                } 
    756838 
    757839                // Associate links to cats. 
     840                // @RawSQLUse, trivial_implementation 
    758841                $links = $wpdb->get_results("SELECT link_id, link_category FROM $wpdb->links"); 
    759842                if ( !empty($links) ) foreach ( $links as $link ) { 
    760843                        if ( 0 == $link->link_category ) 
     
    766849                        if ( empty($tt_id) ) 
    767850                                continue; 
    768851 
     852                        // @RawSQLUse, method_exists 
    769853                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); 
    770854                } 
    771855 
    772856                // Set default to the last category we grabbed during the upgrade loop. 
    773857                update_option('default_link_category', $default_link_cat); 
    774858        } else { 
     859                // @RawSQLUse, simple_code 
    775860                $links = $wpdb->get_results("SELECT link_id, category_id FROM $wpdb->link2cat GROUP BY link_id, category_id"); 
    776861                foreach ( $links as $link ) { 
    777862                        $link_id = (int) $link->link_id; 
     
    781866                        if ( empty($tt_id) ) 
    782867                                continue; 
    783868 
     869                        // @RawSQLUse, method_exists 
    784870                        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); 
    785871                } 
    786872        } 
    787873 
    788874        if ( $wp_current_db_version < 4772 ) { 
    789875                // Obsolete linkcategories table 
     876                // @RawSQLUse, trivial_implementation 
    790877                $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'linkcategories'); 
    791878        } 
    792879 
    793880        // Recalculate all counts 
     881        // @RawSQLUse, trivial_implementation 
    794882        $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); 
    795883        foreach ( (array) $terms as $term ) { 
    796884                if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) 
     885                        // @RawSQLUse, simple_code 
    797886                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); 
    798887                else 
     888                        // @RawSQLUse, simple_code 
    799889                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); 
     890                        // @RawSQLUse, method_exists 
    800891                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); 
    801892        } 
    802893} 
     
    811902        $old_options_fields = array( 'option_can_override', 'option_type', 'option_width', 'option_height', 'option_description', 'option_admin_level' ); 
    812903        $wpdb->hide_errors(); 
    813904        foreach ( $old_options_fields as $old ) 
     905                // @RawSQLUse, trivial_implementation 
    814906                $wpdb->query("ALTER TABLE $wpdb->options DROP $old"); 
    815907        $wpdb->show_errors(); 
    816908} 
     
    822914 */ 
    823915function upgrade_230_old_tables() { 
    824916        global $wpdb; 
     917        // @RawSQLUse, trivial_implementation 
    825918        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'categories'); 
     919        // @RawSQLUse, trivial_implementation 
    826920        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'link2cat'); 
     921        // @RawSQLUse, trivial_implementation 
    827922        $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'post2cat'); 
    828923} 
    829924 
     
    835930function upgrade_old_slugs() { 
    836931        // upgrade people who were using the Redirect Old Slugs plugin 
    837932        global $wpdb; 
     933        // @RawSQLUse, method_exists 
    838934        $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '_wp_old_slug' WHERE meta_key = 'old_slug'"); 
    839935} 
    840936 
     
    872968function upgrade_252() { 
    873969        global $wpdb; 
    874970 
     971        // @RawSQLUse, method_exists 
    875972        $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); 
    876973} 
    877974 
     
    9051002 
    9061003        // Update post_date for unpublished posts with empty timestamp 
    9071004        if ( $wp_current_db_version < 8921 ) 
     1005                // @RawSQLUse, method_exists 
    9081006                $wpdb->query( "UPDATE $wpdb->posts SET post_date = post_modified WHERE post_date = '0000-00-00 00:00:00'" ); 
    9091007} 
    9101008 
     
    9261024 */ 
    9271025function maybe_create_table($table_name, $create_ddl) { 
    9281026        global $wpdb; 
     1027        // @RawSQLUse, trivial_implementation 
    9291028        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 
    9301029                if ($table == $table_name) { 
    9311030                        return true; 
     
    9341033        //didn't find it try to create it. 
    9351034        $q = $wpdb->query($create_ddl); 
    9361035        // we cannot directly tell that whether this succeeded! 
     1036        // @RawSQLUse, trivial_implementation 
    9371037        foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 
    9381038                if ($table == $table_name) { 
    9391039                        return true; 
     
    9561056function drop_index($table, $index) { 
    9571057        global $wpdb; 
    9581058        $wpdb->hide_errors(); 
     1059        // @RawSQLUse, trivial_implementation 
    9591060        $wpdb->query("ALTER TABLE `$table` DROP INDEX `$index`"); 
    9601061        // Now we need to take out all the extra ones we may have created 
    9611062        for ($i = 0; $i < 25; $i++) { 
     1063                // @RawSQLUse, trivial_implementation 
    9621064                $wpdb->query("ALTER TABLE `$table` DROP INDEX `{$index}_$i`"); 
    9631065        } 
    9641066        $wpdb->show_errors(); 
     
    9791081function add_clean_index($table, $index) { 
    9801082        global $wpdb; 
    9811083        drop_index($table, $index); 
     1084        // @RawSQLUse, trivial_implementation 
    9821085        $wpdb->query("ALTER TABLE `$table` ADD INDEX ( `$index` )"); 
    9831086        return true; 
    9841087} 
     
    9911094 */ 
    9921095function maybe_add_column($table_name, $column_name, $create_ddl) { 
    9931096        global $wpdb, $debug; 
     1097        // @RawSQLUse, trivial_implementation 
    9941098        foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { 
    9951099                if ($debug) echo("checking $column == $column_name<br />"); 
    9961100                if ($column == $column_name) { 
     
    10001104        //didn't find it try to create it. 
    10011105        $q = $wpdb->query($create_ddl); 
    10021106        // we cannot directly tell that whether this succeeded! 
     1107        // @RawSQLUse, trivial_implementation 
    10031108        foreach ($wpdb->get_col("DESC $table_name", 0) as $column ) { 
    10041109                if ($column == $column_name) { 
    10051110                        return true; 
     
    10171122 */ 
    10181123function get_alloptions_110() { 
    10191124        global $wpdb; 
     1125        // @RawSQLUse, trivial_implementation 
    10201126        if ($options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options")) { 
    10211127                foreach ($options as $option) { 
    10221128                        // "When trying to design a foolproof system, 
     
    10501156                return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); 
    10511157        } 
    10521158 
     1159        // @RawSQLUse, trivial_implementation 
    10531160        $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); 
    10541161 
    10551162        if ( 'home' == $setting && '' == $option ) 
     
    11371244        } 
    11381245 
    11391246        // Check to see which tables and fields exist 
     1247        // @RawSQLUse, trivial_implementation 
    11401248        if($tables = $wpdb->get_col('SHOW TABLES;')) { 
    11411249                // For every table in the database 
    11421250                foreach($tables as $table) { 
     
    11831291                                } 
    11841292 
    11851293                                // Fetch the table column structure from the database 
     1294                                // @RawSQLUse, trivial_implementation 
    11861295                                $tablefields = $wpdb->get_results("DESCRIBE {$table};"); 
    11871296 
    11881297                                // For every field in the table 
     
    12291338 
    12301339                                // Index stuff goes here 
    12311340                                // Fetch the table index structure from the database 
     1341                                // @RawSQLUse, trivial_implementation 
    12321342                                $tableindices = $wpdb->get_results("SHOW INDEX FROM {$table};"); 
    12331343 
    12341344                                if($tableindices) { 
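--- a/wp-admin/includes/dashboard.php
+++ b/wp-admin/includes/dashboard.php
@@ -437,6 +437,7 @@
         $comments = array();
         $start = 0;
 
+        // @RawSQLUse, simple_code
         while ( count( $comments ) < 5 && $possible = $wpdb->get_results( "SELECT * FROM $wpdb->comments ORDER BY comment_date_gmt DESC LIMIT $start, 50" ) ) {
 
                 foreach ( $possible as $comment ) {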
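--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -311,6 +311,7 @@
         // Set up a few options not to load by default
         $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
         foreach ($fatoptions as $fatoption) :
+                // @RawSQLUse, method_exists
                 $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
         endforeach;
 }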
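--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -19,6 +19,7 @@
 function comment_exists($comment_author, $comment_date) {
         global $wpdb;
 
+        // @RawSQLUse, trivial_implementation
         return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
                         WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
 }
@@ -112,6 +113,7 @@
         $post_id = array_map('intval', $post_id);
         $post_id = "'" . implode("', '", $post_id) . "'";
 
+        // @RawSQLUse, simple_code
         $pending = $wpdb->get_results( "SELECT comment_post_ID, COUNT(comment_ID) as num_comments FROM $wpdb->comments WHERE comment_post_ID IN ( $post_id ) AND comment_approved = '0' GROUP BY comment_post_ID", ARRAY_N );
 
         if ( empty($pending) )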
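Review bot: The `simple_code` tag on the `$pending` query (new line 116) does not record that `$post_id` is interpolated into `IN ( $post_id )` rather than bound, so the query is only safe because of the `array_map('intval', $post_id)` cast three lines above it. Anyone who later rewrites this call from the annotation alone could move or drop that cast without noticing. I would extend the comment to `// @RawSQLUse, simple_code; IN-list is interpolated, relies on the intval cast above`. The enclosing function starts and ends outside the hunk.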
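--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1687,6 +1687,7 @@
                         // catch and repair bad pages
                         if ( $page->post_parent == $page->ID ) {
                                 $page->post_parent = 0;
+                                // @RawSQLUse, method_exists
                                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) );
                                 clean_page_cache( $page->ID );
                         }
@@ -1974,7 +1975,9 @@
                 $query = "FROM $wpdb->comments USE INDEX (comment_date_gmt) WHERE $approved $post $typesql";
         }
 
+    // @RawSQLUse, algorithmic
         $comments = $wpdb->get_results("SELECT * $query $orderby");
+    // @RawSQLUse, algorithmic
         if ( '' === $total )
                 $total = $wpdb->get_var("SELECT COUNT(comment_ID) $query");
 
@@ -2368,6 +2371,7 @@
 function meta_form() {
         global $wpdb;
         $limit = (int) apply_filters( 'postmeta_form_limit', 30 );
+        // @RawSQLUse, algorithmic
         $keys = $wpdb->get_col( "
                 SELECT meta_key
                 FROM $wpdb->postmeta
@@ -2526,6 +2530,7 @@
  */
 function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
         global $wpdb, $post_ID;
+        // @RawSQLUse, simple_code
         $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
 
         if ( $items ) {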
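Review bot: In the hunk at new lines 1975–1983 the second `// @RawSQLUse, algorithmic` sits above `if ( '' === $total )` instead of directly above the `$wpdb->get_var("SELECT COUNT(comment_ID) $query")` call it describes, and both added comments in that hunk are indented four columns where every other annotation follows the indentation of the statement it marks. A search that pairs each tag with the next line will attach this one to the `if`, not to the query. Move it to the line immediately before the `get_var` call and match the surrounding indentation. Both statements interpolate `$query` (and `$orderby`), whose pieces `$approved`, `$post` and `$typesql` are assembled outside the hunk, so these are among the annotations an auditor is most likely to follow up on.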
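--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -197,6 +197,7 @@
 function get_author_user_ids() {
         global $wpdb;
         $level_key = $wpdb->prefix . 'user_level';
+        // @RawSQLUse, trivial_implementation
         return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
 }
 
@@ -219,6 +220,7 @@
                 return false;
         } else {
                 $editable = join(',', $editable);
+                // @RawSQLUse, simple_code
                 $authors = $wpdb->get_results( "SELECT * FROM $wpdb->users WHERE ID IN ($editable) ORDER BY display_name" );
         }
 
@@ -250,6 +252,7 @@
 
         $level_key = $wpdb->prefix . 'user_level';
 
+        // @RawSQLUse, trivial_implementation
         $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
         if ( $exclude_zeros )
                 $query .= " AND meta_value != '0'";
@@ -295,6 +298,7 @@
         global $wpdb;
         $level_key = $wpdb->prefix . 'user_level';
 
+        // @RawSQLUse, trivial_implementation
         return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
 }
 
@@ -323,6 +327,7 @@
                 $other_unpubs = '';
         } else {
                 $editable = join(',', $editable);
+                // @RawSQLUse, simple_code
                 $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
         }
 
@@ -388,6 +393,7 @@
  */
 function get_users_drafts( $user_id ) {
         global $wpdb;
+        // @RawSQLUse, simple_code
         $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
         $query = apply_filters('get_users_drafts', $query);
         return $wpdb->get_results( $query );
@@ -413,6 +419,7 @@
         $id = (int) $id;
 
         if ($reassign == 'novalue') {
+                // @RawSQLUse, trivial_implementation
                 $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
 
                 if ($post_ids) {
@@ -421,17 +428,22 @@
                 }
 
                 // Clean links
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) );
         } else {
                 $reassign = (int) $reassign;
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
+                // @RawSQLUse, method_exists
                 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );
         }
 
         // FINALLY, delete user
         do_action('delete_user', $id);
 
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
+        // @RawSQLUse, trivial_implementation
         $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
 
         wp_cache_delete($id, 'users');
@@ -628,6 +640,7 @@
          *
          * @since unknown
          * @access public
+         * @RawSQLUse, algorithmic
          */
         function prepare_query() {
                 global $wpdb;
@@ -663,9 +676,11 @@
          */
         function query() {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_sort . $this->query_limit);
 
                 if ( $this->results )
+                        // @RawSQLUse, simple_code
                         $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit
                 else
                         $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!'));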
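Review bot: The tag on the `$other_unpubs` query (new line 330) reads `simple_code`, but the `prepare()` call there binds only `$user_id`; `$type_sql`, `$editable` and `$dir` are interpolated into the string before `prepare()` sees it. `$editable` is a `join(',', ...)` of a list built outside the hunk, and the origin of `$type_sql` and `$dir` is not visible here, so whether they are constrained cannot be confirmed from this view. Since the annotations exist to locate risky inline SQL, this call should not carry the same tag as the fully bound queries: `// @RawSQLUse, simple_code; interpolates $type_sql, $editable, $dir`. The same applies to `IN ($editable)` in the `$authors` query at new line 224.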
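--- a/wp-admin/includes/media.php
+++ b/wp-admin/includes/media.php
@@ -41,6 +41,7 @@
         }
 
         if ( intval($_REQUEST['post_id']) )
+                // @RawSQLUse, simple_code
                 $attachments = intval($wpdb->get_var($wpdb->prepare("SELECT count(*) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $_REQUEST['post_id'])));
 
         if ( empty($attachments) ) {
@@ -1716,6 +1717,7 @@
 <div class="alignleft actions">
 <?php
 
+// @RawSQLUse, simple_code
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
 
 $arc_result = $wpdb->get_results( $arc_query );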
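--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -41,6 +41,7 @@
 }
 
 // grab a snapshot of post IDs, just in case it changes during the export
+// @RawSQLUse, simple_code
 $post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts $where ORDER BY post_date_gmt ASC");
 
 $categories = (array) get_categories('get=all');
@@ -263,6 +264,7 @@
                 // fetch 20 posts at a time rather than loading the entire table into memory
                 while ( $next_posts = array_splice($post_ids, 0, 20) ) {
                         $where = "WHERE ID IN (".join(',', $next_posts).")";
+                        // @RawSQLUse, simple_code
                         $posts = $wpdb->get_results("SELECT * FROM $wpdb->posts $where ORDER BY post_date_gmt ASC");
                                 foreach ($posts as $post) {
                         // Don't export revisions.  They bloat the export.
@@ -296,6 +298,7 @@
 <wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url>
 <?php } ?>
 <?php
+// @RawSQLUse, trivial_implementation
 $postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
 if ( $postmeta ) {
 ?>
@@ -307,6 +310,7 @@
 <?php } ?>
 <?php } ?>
 <?php
+// @RawSQLUse, trivial_implementation
 $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
 if ( $comments ) { foreach ( $comments as $c ) { ?>
 <wp:comment>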
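--- a/wp-admin/install-helper.php
+++ b/wp-admin/install-helper.php
@@ -73,6 +73,7 @@
  */
 function maybe_create_table($table_name, $create_ddl) {
         global $wpdb;
+        // @RawSQLUse, trivial_implementation
         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
                 if ($table == $table_name) {
                         return true;
@@ -81,6 +82,7 @@
         //didn't find it try to create it.
         $wpdb->query($create_ddl);
         // we cannot directly tell that whether this succeeded!
+        // @RawSQLUse, trivial_implementation
         foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) {
                 if ($table == $table_name) {
                         return true;
@@ -107,6 +109,7 @@
  */
 function maybe_add_column($table_name, $column_name, $create_ddl) {
         global $wpdb, $debug;
+        // @RawSQLUse, trivial_implementation
         foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
                 if ($debug) echo("checking $column == $column_name<br />");
 
@@ -117,6 +120,7 @@
         //didn't find it try to create it.
         $wpdb->query($create_ddl);
         // we cannot directly tell that whether this succeeded!
+        // @RawSQLUse, trivial_implementation
         foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
                 if ($column == $column_name) {
                         return true;
@@ -141,11 +145,13 @@
  */
 function maybe_drop_column($table_name, $column_name, $drop_ddl) {
         global $wpdb;
+        // @RawSQLUse, trivial_implementation
         foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
                 if ($column == $column_name) {
                         //found it try to drop it.
                         $wpdb->query($drop_ddl);
                         // we cannot directly tell that whether this succeeded!
+                        // @RawSQLUse, trivial_implementation
                         foreach ($wpdb->get_col("DESC $table_name",0) as $column ) {
                                 if ($column == $column_name) {
                                         return false;
@@ -189,6 +195,7 @@
 function check_column($table_name, $col_name, $col_type, $is_null = null, $key = null, $default = null, $extra = null) {
         global $wpdb, $debug;
         $diffs = 0;
+        // @RawSQLUse, trivial_implementation
         $results = $wpdb->get_results("DESC $table_name");
 
         foreach ($results as $row ) {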
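Review bot: `$wpdb->query($create_ddl)` in `maybe_create_table()` and `maybe_add_column()` (new lines 83 and 121) and `$wpdb->query($drop_ddl)` in `maybe_drop_column()` (new line 152) run a caller-supplied SQL string verbatim, yet they are the only query calls in these hunks left without an `@RawSQLUse` tag. The patch description says it marks all inline SQL outside wp-db, so an audit driven by the tag would skip exactly the statements whose content is decided by the caller. Add a tag above each of the three calls, for example `// @RawSQLUse, <category>; executes caller-supplied DDL`, with whichever category the scheme assigns to statements built elsewhere. The tagged `DESC $table_name` lookups also interpolate an identifier from the function argument, which is worth recording in their comment. The function bodies continue outside the hunks.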
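--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -77,6 +77,7 @@
                 echo '<p><h3>'.__('Reading Bunny&#8217;s Technorati Tags&#8230;').'</h3></p>';
 
                 // import Bunny's Keywords tags
+                // @RawSQLUse, trivial_implementation
                 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
                 if ( !is_array($metakeys)) {
                         echo '<p>' . __('No Tags Found!') . '</p>';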
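--- a/wp-admin/import/jkw.php
+++ b/wp-admin/import/jkw.php
@@ -92,6 +92,7 @@
                 echo '<p><h3>'.__('Reading Jerome&#8217;s Keywords Tags&#8230;').'</h3></p>';
 
                 // import Jerome's Keywords tags
+                // @RawSQLUse, trivial_implementation
                 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
                 if ( !is_array($metakeys)) {
                         echo '<p>' . __('No Tags Found!') . '</p>';
@@ -133,6 +134,7 @@
 
                 // import Jerome's Keywords tags
                 $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
+                // @RawSQLUse, trivial_implementation
                 $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
                 if ( !is_array($metakeys) ) {
                         echo '<p>' . __('No Tags Found!') . '</p>';
@@ -164,6 +166,7 @@
                 /* options from V2.0a (jeromes-keywords.php) */
                 $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
 
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
 
                 foreach ( $options as $o )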
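Review bot: The queries at new lines 138 and 170 are tagged `trivial_implementation`, but their table name is `$wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1)`, an identifier read from a stored option and concatenated into `SELECT ... FROM $tablename` and `DROP TABLE IF EXISTS`. The `%d`/`%s` placeholders used with `prepare()` elsewhere in this patch bind values, not identifiers, so a replacement has to check the name against an allow-list or a strict character pattern, which is more than a trivial swap. Record that in the tag, e.g. `// @RawSQLUse, trivial_implementation; table name comes from get_option()`. The queries built from `$dbprefix = get_option('dcdbprefix')` in wp-admin/import/dotclear.php have the same property. The enclosing methods start and end outside these hunks.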
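--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -26,6 +26,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
@@ -44,6 +45,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
+                // @RawSQLUse, trivial_implementation
                 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
@@ -228,6 +230,7 @@
                 $dbprefix = get_option('dcdbprefix');
 
                 // Get Categories
+                // @RawSQLUse, trivial_implementation
                 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
         }
 
@@ -241,6 +244,7 @@
 
                 // Get Users
 
+                // @RawSQLUse, trivial_implementation
                 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
         }
 
@@ -252,6 +256,7 @@
                 $dbprefix = get_option('dcdbprefix');
 
                 // Get Posts
+                // @RawSQLUse, algorithmic
                 return $dcdb->get_results('SELECT '.$dbprefix.'post.*, '.$dbprefix.'categorie.cat_libelle_url AS post_cat_name
                                                 FROM '.$dbprefix.'post INNER JOIN '.$dbprefix.'categorie
                                                 ON '.$dbprefix.'post.cat_id = '.$dbprefix.'categorie.cat_id', ARRAY_A);
@@ -266,6 +271,7 @@
                 $dbprefix = get_option('dcdbprefix');
 
                 // Get Comments
+                // @RawSQLUse, trivial_implementation
                 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
         }
 
@@ -276,6 +282,7 @@
                 set_magic_quotes_runtime(0);
                 $dbprefix = get_option('dcdbprefix');
 
+                // @RawSQLUse, simple_code
                 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'link ORDER BY position', ARRAY_A);
         }
 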
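--- a/wp-admin/import/stp.php
+++ b/wp-admin/import/stp.php
@@ -117,6 +117,7 @@
         function get_stp_posts ( ) {
                 global $wpdb;
                 // read in all the posts from the STP post->tag table: should be wp_post2tag
+                // @RawSQLUse, trivial_implementation
                 $posts_query = "SELECT post_id, tag_name FROM " . $wpdb->prefix . "stp_tags";
                 $posts = $wpdb->get_results($posts_query);
                 return $posts;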
  • wp-admin/import/wp-cat2tag.php

     
    270270                                        } 
    271271 
    272272                                        if ( $values ) { 
     273                                                // @RawSQLUse, simple_code 
    273274                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 
    274275 
     276                                                // @RawSQLUse, method_exists 
    275277                                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $category->count, $category->term_id) ); 
    276278                                        } 
    277279 
     
    280282                                } 
    281283 
    282284                                // if tag already exists, add it to all posts in the category 
     285                                // @RawSQLUse, trivial_implementation 
    283286                                if ( $tag_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $category->term_id) ) ) { 
    284287                                        $objects_ids = get_objects_in_term($category->term_id, 'category'); 
    285288                                        $tag_ttid = (int) $tag_ttid; 
     
    289292                                                $values[] = $wpdb->prepare( "(%d, %d, %d)", $object_id, $tag_ttid, $term_order); 
    290293 
    291294                                        if ( $values ) { 
     295                                                // @RawSQLUse, simple_code 
    292296                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 
    293297 
     298                                                // @RawSQLUse, simple_code 
    294299                                                $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag_ttid) ); 
     300                                                // @RawSQLUse, method_exists 
    295301                                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $count, $category->term_id) ); 
    296302                                        } 
    297303                                        echo __('Tag added to all posts in this category.') . " *</li>\n"; 
     
    303309                                        continue; 
    304310                                } 
    305311 
     312                                // @RawSQLUse, trivial_implementation 
    306313                                $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); 
    307314                                if ( $tt_ids ) { 
     315                                        // @RawSQLUse, simple_code 
    308316                                        $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id"); 
    309317                                        foreach ( (array) $posts as $post ) 
    310318                                                clean_post_cache($post); 
    311319                                } 
    312320 
    313321                                // Change the category to a tag. 
     322                                // @RawSQLUse, method_exists 
    314323                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) ); 
    315324 
    316325                                // Set all parents to 0 (root-level) if their parent was the converted tag 
     326                                // @RawSQLUse, method_exists 
    317327                                $parents = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) ); 
    318328 
    319329                                if ( $parents ) $clear_parents = true; 
     
    366376                        if ( $tag = get_term( $tag_id, 'post_tag' ) ) { 
    367377                                printf('<li>' . __('Converting tag <strong>%s</strong> ... '),  $tag->name); 
    368378 
     379                                // @RawSQLUse, trivial_implementation 
    369380                                if ( $cat_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $tag->term_id) ) ) { 
    370381                                        $objects_ids = get_objects_in_term($tag->term_id, 'post_tag'); 
    371382                                        $cat_ttid = (int) $cat_ttid; 
     
    377388                                        } 
    378389 
    379390                                        if ( $values ) { 
     391                                                // @RawSQLUse, simple_code 
    380392                                                $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)"); 
    381393 
    382394                                                if ( $default_cat != $tag->term_id ) { 
     395                                                        // @RawSQLUse, simple_code 
    383396                                                        $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag->term_id) ); 
     397                                                        // @RawSQLUse, method_exists 
    384398                                                        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'category'", $count, $tag->term_id) ); 
    385399                                                } 
    386400                                        } 
     
    394408                                } 
    395409 
    396410                                // Change the tag to a category. 
     411                                // @RawSQLUse, trivial_implementation 
    397412                                $parent = $wpdb->get_var( $wpdb->prepare("SELECT parent FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); 
    398413                                if ( 0 == $parent || (0 < (int) $parent && $this->_category_exists($parent)) ) { 
    399414                                        $reset_parent = ''; 
     
    401416                                } else 
    402417                                        $reset_parent = ", parent = '0'"; 
    403418 
     419                                // @RawSQLUse, method_exists 
    404420                                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'category' $reset_parent WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) ); 
    405421 
    406422                                $clean_term_cache[] = $tag->term_id; 
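--- a/wp-admin/import/utw.php
+++ b/wp-admin/import/utw.php
@@ -187,6 +187,7 @@
                 global $wpdb;
 
                 // read in all the tags from the UTW tags table: should be wp_tags
+                // @RawSQLUse, trivial_implementation
                 $tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags";
 
                 $tags = $wpdb->get_results($tags_query);
@@ -207,6 +208,7 @@
                 global $wpdb;
 
                 // read in all the posts from the UTW post->tag table: should be wp_post2tag
+                // @RawSQLUse, trivial_implementation
                 $posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag";
 
                 $posts = $wpdb->get_results($posts_query);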
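--- a/wp-admin/import/mt.php
+++ b/wp-admin/import/mt.php
@@ -57,6 +57,7 @@
 
         function users_form($n) {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 $users = $wpdb->get_results("SELECT * FROM $wpdb->users ORDER BY ID");
 ?><select name="userselect[<?php echo $n; ?>]">
         <option value="#NONE#"><?php _e('- Select -') ?></option>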
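Review bot: The query tagged at new line 61 reads every column of the users table with `SELECT *`, which pulls password hashes and activation keys into memory to fill what the following lines show is a `<select>` of users. If the option loop (outside this hunk) prints only the ID and login, name the columns instead: `$users = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY ID");`. The `simple_code` tag would help a later audit more if it also recorded that the statement takes no external input.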
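--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -647,6 +647,7 @@
 
                 if ( !isset( $blog['authors'] ) ) {
                         $post_ids = array_values($blog['posts']);
+                        // @RawSQLUse, algorithmic
                         $authors = (array) $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN (" . join( ',', $post_ids ) . ")");
                         $blog['authors'] = array_map(null, $authors, array_fill(0, count($authors), $current_user->ID));
                         $this->save_vars();
@@ -685,8 +686,10 @@
                 $host = $this->blogs[$importing_blog]['host'];
 
                 // Get an array of posts => authors
+                // @RawSQLUse, trivial_implementation
                 $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
                 $post_ids = join( ',', $post_ids );
+                // @RawSQLUse, algorithmic
                 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
                 foreach ( $results as $row )
                         $authors_posts[$row->post_id] = $row->meta_value;
@@ -702,6 +705,7 @@
                         $post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
                         $post_ids = join( ',', $post_ids);
 
+                        // @RawSQLUse, algorithmic
                         $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
                         $this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
                 }
@@ -762,6 +766,7 @@
                         $this->revoke( $options['token'] );
 
                 delete_option('blogger_importer');
+                // @RawSQLUse, trivial_implementation
                 $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'");
                 wp_redirect('?import=blogger');
         }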
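Review bot: The three `IN (...)` lists at new lines 651, 693 and 709 are built with `join(',', ...)` and pasted into the SQL text without an integer cast, and the `algorithmic` tag does not record that. The IDs appear to come from saved importer state and from postmeta rows rather than directly from the request, but nothing in these hunks enforces that they are numeric; casting first, `$post_ids = join( ',', array_map( 'intval', (array) $post_ids ) );`, keeps the statement well-formed wherever the array was filled. At new line 709 the list is interpolated into the format string handed to `prepare()`, so only `$user_id` is actually bound. An empty array also produces `IN ()`, which MySQL rejects, so each query should be skipped when the list is empty. The enclosing methods start outside these hunks.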
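--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -20,6 +20,7 @@
         function get_comment_count($post_ID)
         {
                 global $wpdb;
+                // @RawSQLUse, simple_code
                 return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
         }
 }
@@ -38,6 +39,7 @@
         function link_exists($linkname)
         {
                 global $wpdb;
+                // @RawSQLUse, trivial_implementation
                 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
         }
 }
@@ -84,6 +86,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Categories
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         id,
                         name,
@@ -103,6 +106,7 @@
 
                 // Get Users
 
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         user_id,
                         name,
@@ -120,6 +124,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Posts
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         ID,
                         Posted,
@@ -147,6 +152,7 @@
                 $prefix = get_option('tpre');
 
                 // Get Comments
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
         }
 
@@ -157,6 +163,7 @@
                 set_magic_quotes_runtime(0);
                 $prefix = get_option('tpre');
 
+                // @RawSQLUse, trivial_implementation
                 return $txpdb->get_results('SELECT
                         id,
                         date,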
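Review bot: At new line 156 the table name is assembled from `$prefix = get_option('tpre')` by string concatenation, and the `trivial_implementation` tag gives no hint that an option value ends up in the SQL text. The hunks at new lines 90, 128 and 167 read the same option just before a query whose FROM clause lies outside the hunk, so they presumably share the pattern. An identifier cannot be bound through `prepare()`, so the prefix needs an allow-list check where it is read, for example `if ( ! preg_match( '/^[A-Za-z0-9_]*$/', $prefix ) ) wp_die( __('Invalid table prefix.') );`. Where `tpre` is stored is not visible here; if it is taken from the importer form, the same check belongs there too.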
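--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -663,8 +663,10 @@
                 global $wpdb;
                 foreach ($this->url_remap as $from_url => $to_url) {
                         // remap urls in post_content
+                        // @RawSQLUse, simple_code
                         $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, '%s', '%s')", $from_url, $to_url) );
                         // remap enclosure urls
+                        // @RawSQLUse, simple_code
                         $result = $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = REPLACE(meta_value, '%s', '%s') WHERE meta_key='enclosure'", $from_url, $to_url) );
                 }
         }
@@ -677,6 +679,7 @@
                         $local_child_id = $this->post_ids_processed[$child_id];
                         $local_parent_id = $this->post_ids_processed[$parent_id];
                         if ($local_child_id and $local_parent_id) {
+                                // @RawSQLUse, method_exists
                                 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id));
                         }
                 }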
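Review bot: The two statements tagged `simple_code` at new lines 667 and 670 wrap their placeholders in quotes (`'%s'`) inside `prepare()`, which is correct only as long as `prepare()` strips those quotes before adding its own; that handling is not visible in this patch. Bare placeholders remove the dependency: `REPLACE(post_content, %s, %s)` and `REPLACE(meta_value, %s, %s)`. The first UPDATE also has no WHERE clause, so every row of the posts table is rewritten once per entry in `$this->url_remap`, and the tag would be more useful if it said so. `$result` is assigned at new line 670 but not checked within the hunk.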
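--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -20,8 +20,10 @@
 
         if ( ! current_user_can('edit_posts') )
                 wp_die( __('You are not allowed to scan for lost attachments.') );
-
+        
+        // @RawSQLUse, algorithmic
         $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'");
+        // @RawSQLUse, trivial_implementation
         $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'");
 
         $lost = array();
@@ -53,6 +55,7 @@
 
         if ( ! empty($attach) ) {
                 $attach = implode(',', $attach);
+                // @RawSQLUse, algorithmic
                 $attached = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ($attach)", $parent_id) );
         }
 
@@ -113,10 +116,13 @@
                 $page_links_total = ceil(count($lost) / 50);
                 $lost = implode(',', $lost);
 
+                // @RawSQLUse, algorithmic
                 $orphans = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'attachment' AND ID IN ($lost) LIMIT $start, 50" );
         } else {
                 $start = ( $_GET['paged'] - 1 ) * 25;
+                // @RawSQLUse, algorithmic
                 $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" );
+                // @RawSQLUse, trivial_implementation
                 $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25);
         }
 
@@ -253,6 +259,7 @@
 
 <?php
 if ( ! is_singular() && ! isset($_GET['detached']) ) {
+        // @RawSQLUse, simple_code
         $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
 
         $arc_result = $wpdb->get_results( $arc_query );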
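Review bot: `$start` at new line 122 is computed straight from `$_GET['paged']` and then interpolated into `LIMIT $start, 25` at new line 124, yet the tag above that query is the same `algorithmic` used for queries with no request input. The subtraction forces a number, so this is a robustness gap rather than a string-injection path, but a zero, negative or fractional `paged` gives an offset MySQL rejects; `$start = ( max( 1, absint( $_GET['paged'] ) ) - 1 ) * 25;` bounds it. The `$start` used at new line 120 is assigned outside the hunk and should get the same treatment. The `IN ($attach)` and `IN ($lost)` lists at new lines 59 and 120 are imploded from arrays filled outside these hunks; running them through `array_map( 'intval', ... )` before `implode()` would make both statements independent of how those arrays were built.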
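--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -438,6 +438,7 @@
         <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">trackbacks and pingbacks</a> on this post') ?></label>
 </p>
 <?php
+        // @RawSQLUse, algorithmic
         $total = $wpdb->get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID));
 
         if ( !$post_ID || $post_ID < 0 || 1 > $total )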
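Review bot: The query at new line 442 quotes its integer placeholder (`comment_post_ID = '%d'`), so the value reaches MySQL as a quoted string; the bare form `comment_post_ID = %d` is the one the other `prepare()` calls in this patch use. The count is also fetched before the `!$post_ID || $post_ID < 0` test at new line 444, so the query runs even when there is no valid post ID; checking the ID first avoids the round trip. The statement is a plain count, and the `algorithmic` tag gives an auditor no reason why it differs from the count in textpattern.php that is tagged `simple_code`.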
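--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -200,6 +200,7 @@
 
 <?php // view filters
 if ( !is_singular() ) {
+// @RawSQLUse, simple_code
 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'post' ORDER BY post_date DESC";
 
 $arc_result = $wpdb->get_results( $arc_query );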
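--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -95,6 +95,7 @@
   <input type='hidden' name='option_page' value='options' />
   <table class="form-table">
 <?php
+// @RawSQLUse, simple_code
 $options = $wpdb->get_results("SELECT * FROM $wpdb->options ORDER BY option_name");
 
 foreach ( (array) $options as $option) :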
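--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -58,6 +58,7 @@
                 }
                 $all_links = join(',', $linkcheck);
                 // should now have an array of links we can change
+                // @RawSQLUse, algorithmic
                 //$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
 
                 wp_redirect($this_file);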
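Review bot: The tag at new line 61 annotates a statement that is commented out (new line 62), so a search for `@RawSQLUse` will count a query that never runs. The dead statement interpolates `$category` and `$all_links` directly into the SQL text, which is exactly the form that should not be revived as written. Deleting the commented-out line is the cleaner fix; if it has to stay, a tag such as `// @RawSQLUse, dead_code: commented out, rewrite with $wpdb->prepare() before re-enabling` tells the next reader what they are looking at.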
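--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -39,6 +39,7 @@
 <select name="author" id="author">
 <option value="all" selected="selected"><?php _e('All Authors'); ?></option>
 <?php
+// @RawSQLUse, simple_code
 $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
 foreach ( $authors as $id ) {
         $o = get_userdata( $id );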
  • wp-admin/edit-pages.php

     
    277277 
    278278if ( 1 == count($posts) && is_singular() ) : 
    279279 
     280        // @RawSQLUse, algorithmic 
    280281        $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) ); 
    281282        if ( $comments ) : 
    282283                // Make sure comments, post, and post_author are cached