Ticket #6836: wordpress_sqlannotations_simple.diff
File wordpress_sqlannotations_simple.diff, 76.5 KB (added by , 16 years ago) |
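--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -19,6 +19,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {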
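Review bot: The `@RawSQLUse` tag added above the `$status` query is not defined anywhere in the visible part of this patch, and neither are its three values (`trivial_implementation`, `method_exists`, `algorithmic`) that appear in every other file section. A reader cannot tell whether the tag claims the query is safe or only that it could be replaced by a helper, and the two readings lead to very different review effort. I would define it once next to the database class, for example `@RawSQLUse <category>: marks a hand-written SQL call; the category says how it could be replaced and says nothing about input handling`. That wording is inferred from how the tag is used here, so the author should confirm the intended meaning.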
wp-login.php
133 133 else if ( is_wp_error($allow) ) 134 134 return $allow; 135 135 136 // @RawSQLUse, trivial_implementation 136 137 $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); 137 138 if ( empty($key) ) { 138 139 // Generate something random for a key... 139 140 $key = wp_generate_password(20, false); 140 141 do_action('retrieve_password_key', $user_login, $key); 141 142 // Now insert the new md5 key into the db 143 // @RawSQLUse, method_exists 142 144 $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); 143 145 } 144 146 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; … … 169 171 if ( empty( $key ) ) 170 172 return new WP_Error('invalid_key', __('Invalid key')); 171 173 174 // @RawSQLUse, trivial_implementation 172 175 $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); 173 176 if ( empty( $user ) ) 174 177 return new WP_Error('invalid_key', __('Invalid key')); -
wp-includes/taxonomy.php
864 864 865 865 return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $else_where AND tt.taxonomy = %s", $term, $taxonomy), ARRAY_A); 866 866 } 867 868 867 if ( $result = $wpdb->get_var( $wpdb->prepare("SELECT term_id FROM $wpdb->terms as t WHERE $where", $slug) ) ) 869 868 return $result; 870 869 … … 1106 1105 $wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id) + compact( 'taxonomy' ) ); 1107 1106 } 1108 1107 1108 // @RawSQLUse, trivial_implementation 1109 1109 $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) ); 1110 1110 1111 1111 foreach ( (array) $objects as $object ) { … … 1118 1118 wp_set_object_terms($object, $terms, $taxonomy); 1119 1119 } 1120 1120 1121 // @RawSQLUse, trivial_implementation 1121 1122 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) ); 1122 1123 1123 1124 // Delete the term if no taxonomies use it. 1124 1125 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) ) 1126 // @RawSQLUse, trivial_implementation 1125 1127 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) ); 1126 1128 1127 1129 clean_term_cache($term, $taxonomy); … … 1322 1324 1323 1325 $term_group = 0; 1324 1326 if ( $alias_of ) { 1327 // @RawSQLUse, trivial_implementation 1325 1328 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); 1326 1329 if ( $alias->term_group ) { 1327 1330 // The alias we want is already in a group, so let's use that one. … … 1329 1332 } else { 1330 1333 // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. 
1331 1334 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1; 1335 // @RawSQLUse, method_exists 1332 1336 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) ); 1333 1337 } 1334 1338 } … … 1423 1427 $tt_id = $term_info['term_taxonomy_id']; 1424 1428 $tt_ids[] = $tt_id; 1425 1429 1430 // @RawSQLUse, trivial_implementation 1426 1431 if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $tt_id ) ) ) 1427 1432 continue; 1428 1433 $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $tt_id ) ); … … 1500 1505 if ( !empty($args['term_id']) ) 1501 1506 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s AND term_id != %d", $slug, $args['term_id'] ); 1502 1507 else 1508 // @RawSQLUse, trivial_implementation 1503 1509 $query = $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug ); 1504 1510 1505 1511 if ( $wpdb->get_var( $query ) ) { … … 1507 1513 do { 1508 1514 $alt_slug = $slug . "-$num"; 1509 1515 $num++; 1516 // @RawSQLUse, trivial_implementation 1510 1517 $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) ); 1511 1518 } while ( $slug_check ); 1512 1519 $slug = $alt_slug; … … 1586 1593 } 1587 1594 1588 1595 if ( $alias_of ) { 1596 // @RawSQLUse, trivial_implementation 1589 1597 $alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) ); 1590 1598 if ( $alias->term_group ) { 1591 1599 // The alias we want is already in a group, so let's use that one. 
… … 1598 1606 } 1599 1607 1600 1608 // Check for duplicate slug 1609 // @RawSQLUse, trivial_implementation 1601 1610 $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) ); 1602 1611 if ( $id && ($id != $term_id) ) { 1603 1612 // If an empty slug was passed or the parent changed, reset the slug to something unique. -
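Review bot: Tag coverage in this file is inconsistent: `$wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms")` at new line 1334 and the `SELECT COUNT(*)` in the `if` condition at new line 1125 have no `@RawSQLUse` tag although the statements next to them do, and the queries at new lines 865 and 867 that interpolate `$else_where` and `$where` into the SQL text are untagged as well. If the tags are meant as an inventory of raw SQL, those interpolated WHERE fragments are the entries a security review most needs to find. At new lines 1126 and 1508 the tag also sits between a brace-less `if`/`else` and its single statement; placing it above the `if`, or adding braces, keeps a later edit from changing which statement is conditional, and the same placement recurs in wp-includes/post.php, general-template.php and deprecated.php. The enclosing functions start outside these hunks, so how `$where` and `$else_where` are built is not visible here.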
wp-includes/post.php
424 424 global $wpdb; 425 425 426 426 $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db'); 427 // @RawSQLUse, method_exists 427 428 $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) ); 428 429 429 430 if ( 'page' == $post_type ) … … 519 520 // expected_slashed ($meta_key) 520 521 $meta_key = stripslashes($meta_key); 521 522 523 // @RawSQLUse, trivial_implementation 522 524 if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) 523 525 return false; 524 526 … … 559 561 $meta_value = maybe_serialize( stripslashes_deep($meta_value) ); 560 562 561 563 if ( empty( $meta_value ) ) 564 // @RawSQLUse, trivial_implementation 562 565 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 563 566 else 567 // @RawSQLUse, trivial_implementation 564 568 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 565 569 566 570 if ( !$meta_id ) 567 571 return false; 568 572 569 573 if ( empty( $meta_value ) ) 574 // @RawSQLUse, trivial_implementation 570 575 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $meta_key ) ); 571 576 else 577 // @RawSQLUse, trivial_implementation 572 578 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $meta_key, $meta_value ) ); 573 579 574 580 wp_cache_delete($post_id, 'post_meta'); … … 637 643 // expected_slashed ($meta_key) 638 644 $meta_key = stripslashes($meta_key); 639 645 646 // @RawSQLUse, trivial_implementation 640 647 if ( ! 
$wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) { 641 648 return add_post_meta($post_id, $meta_key, $meta_value); 642 649 } … … 667 674 */ 668 675 function delete_post_meta_by_key($post_meta_key) { 669 676 global $wpdb; 677 // @RawSQLUse, trivial_implementation 670 678 if ( $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_key = %s", $post_meta_key)) ) { 671 679 /** @todo Get post_ids and delete cache */ 672 680 // wp_cache_delete($post_id, 'post_meta'); … … 1101 1109 function wp_delete_post($postid = 0) { 1102 1110 global $wpdb, $wp_rewrite; 1103 1111 1112 // @RawSQLUse, trivial_implementation 1104 1113 if ( !$post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 1105 1114 return $post; 1106 1115 … … 1127 1136 } 1128 1137 1129 1138 // Point children of this page to its parent, also clean the cache of affected children 1139 // @RawSQLUse, trivial_implementation 1130 1140 $children_query = $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE post_parent = %d AND post_type='page'", $postid); 1131 1141 $children = $wpdb->get_results($children_query); 1132 1142 … … 1136 1146 } 1137 1147 1138 1148 // Do raw query. wp_get_post_revisions() is filtered 1149 // @RawSQLUse, trivial_implementation 1139 1150 $revision_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'revision'", $postid ) ); 1140 1151 // Use wp_delete_post (via wp_delete_post_revision) again. Ensures any meta/misplaced data gets cleaned up. 
1141 1152 foreach ( $revision_ids as $revision_id ) … … 1144 1155 // Point all attachments to this post up one level 1145 1156 $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); 1146 1157 1158 // @RawSQLUse, trivial_implementation 1147 1159 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 1148 1160 1161 // @RawSQLUse, trivial_implementation 1149 1162 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 1150 1163 1164 // @RawSQLUse, trivial_implementation 1151 1165 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d", $postid )); 1152 1166 1153 1167 if ( 'page' == $post->post_type ) { … … 1500 1514 // If there is a suggested ID, use it if not already present 1501 1515 if ( !empty($import_id) ) { 1502 1516 $import_id = (int) $import_id; 1517 // @RawSQLUse, trivial_implementation 1503 1518 if ( ! $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 1504 1519 $data['ID'] = $import_id; 1505 1520 } … … 1814 1829 */ 1815 1830 function add_ping($post_id, $uri) { 1816 1831 global $wpdb; 1832 // @RawSQLUse, trivial_implementation 1817 1833 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 1818 1834 $pung = trim($pung); 1819 1835 $pung = preg_split('/\s/', $pung); … … 1863 1879 */ 1864 1880 function get_pung($post_id) { 1865 1881 global $wpdb; 1882 // @RawSQLUse, trivial_implementation 1866 1883 $pung = $wpdb->get_var( $wpdb->prepare( "SELECT pinged FROM $wpdb->posts WHERE ID = %d", $post_id )); 1867 1884 $pung = trim($pung); 1868 1885 $pung = preg_split('/\s/', $pung); … … 1881 1898 */ 1882 1899 function get_to_ping($post_id) { 1883 1900 global $wpdb; 1901 // @RawSQLUse, trivial_implementation 1884 1902 $to_ping = $wpdb->get_var( $wpdb->prepare( "SELECT to_ping FROM $wpdb->posts WHERE ID = %d", $post_id )); 1885 1903 $to_ping = 
trim($to_ping); 1886 1904 $to_ping = preg_split('/\s/', $to_ping, -1, PREG_SPLIT_NO_EMPTY); … … 1935 1953 global $wpdb; 1936 1954 1937 1955 if ( ! $page_ids = wp_cache_get('all_page_ids', 'posts') ) { 1956 // @RawSQLUse, trivial_implementation 1938 1957 $page_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'page'"); 1939 1958 wp_cache_add('all_page_ids', $page_ids, 'posts'); 1940 1959 } … … 1997 2016 $path = '/' . $leaf_path; 1998 2017 $curpage = $page; 1999 2018 while ($curpage->post_parent != 0) { 2019 // @RawSQLUse, trivial_implementation 2000 2020 $curpage = $wpdb->get_row( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE ID = %d and post_type='page'", $curpage->post_parent )); 2001 2021 $path = '/' . $curpage->post_name . $path; 2002 2022 } … … 2020 2040 */ 2021 2041 function get_page_by_title($page_title, $output = OBJECT) { 2022 2042 global $wpdb; 2043 // @RawSQLUse, trivial_implementation 2023 2044 $page = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_title = %s AND post_type='page'", $page_title )); 2024 2045 if ( $page ) 2025 2046 return get_page($page, $output); … … 2114 2135 * 2115 2136 * @param mixed $args Optional. Array or string of options that overrides defaults. 2116 2137 * @return array List of pages matching defaults or $args 2138 * @RawSQLUse, algorithmic 2117 2139 */ 2140 2118 2141 function &get_pages($args = '') { 2119 2142 global $wpdb; 2120 2143 … … 2437 2460 // If there is a suggested ID, use it if not already present 2438 2461 if ( !empty($import_id) ) { 2439 2462 $import_id = (int) $import_id; 2463 // @RawSQLUse, trivial_implementation 2440 2464 if ( ! 
$wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE ID = %d", $import_id) ) ) { 2441 2465 $data['ID'] = $import_id; 2442 2466 } … … 2484 2508 function wp_delete_attachment($postid) { 2485 2509 global $wpdb; 2486 2510 2511 // @RawSQLUse, trivial_implementation 2487 2512 if ( !$post = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d", $postid)) ) 2488 2513 return $post; 2489 2514 … … 2498 2523 /** @todo Delete for pluggable post taxonomies too */ 2499 2524 wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 2500 2525 2526 // @RawSQLUse, trivial_implementation 2501 2527 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid )); 2502 2528 2529 // @RawSQLUse, trivial_implementation 2503 2530 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_post_ID = %d", $postid )); 2504 2531 2532 // @RawSQLUse, trivial_implementation 2505 2533 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d ", $postid )); 2506 2534 2507 2535 $uploadPath = wp_upload_dir(); … … 2833 2861 * @param string $post_type currently only supports 'post' or 'page'. 2834 2862 * @return string SQL code that can be added to a where clause. 2835 2863 */ 2864 2836 2865 function get_private_posts_cap_sql($post_type) { 2837 2866 global $user_ID; 2838 2867 $cap = ''; … … 3003 3032 3004 3033 do_action('clean_post_cache', $id); 3005 3034 3035 // @RawSQLUse, trivial_implementation 3006 3036 if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) ) { 3007 3037 foreach( $children as $cid ) 3008 3038 clean_post_cache( $cid ); -
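Review bot: The blank line added at new line 2140 separates the `get_pages()` docblock from `function &get_pages`, and the one added at new line 2864 does the same for `get_private_posts_cap_sql()`; documentation tools that expect the comment directly above the declaration may stop associating the two. Both blank lines look unintended and I would drop them. The tag inside that docblock, `* @RawSQLUse, algorithmic`, is also the only one written as a docblock line rather than a `//` comment on the query, so a search for `// @RawSQLUse` misses it. Only the head of `get_pages()` is inside the hunk, so which query the tag refers to cannot be checked here.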
wp-includes/comment.php
736 736 737 737 $comment = get_comment($comment_id); 738 738 739 // @RawSQLUse, trivial_implementation 739 740 if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) ) 740 741 return false; 741 742 … … 878 879 if ( ! isset($comment_type) ) 879 880 $comment_type = ''; 880 881 882 // @RawSQLUse, method_exists 881 883 $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments 882 884 (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id) 883 885 VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)", … … 1091 1093 else if ( 'approve' == $comment_approved ) 1092 1094 $comment_approved = 1; 1093 1095 1096 // @RawSQLUse, method_exists 1094 1097 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET 1095 1098 comment_content = %s, 1096 1099 comment_author = %s, … … 1205 1208 return false; 1206 1209 1207 1210 $old = (int) $post->comment_count; 1211 // @RawSQLUse, trivial_implementation 1208 1212 $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) ); 1213 // @RawSQLUse, method_exists 1209 1214 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) ); 1210 1215 1211 1216 if ( 'page' == $post->post_type ) … … 1292 1297 1293 1298 // Do pingbacks 1294 1299 while ($ping = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_pingme' LIMIT 1")) { 1300 // @RawSQLUse, trivial_implementation 1295 1301 $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$ping->ID} AND meta_key = '_pingme';"); 1296 1302 pingback($ping->post_content, $ping->ID); 1297 1303 } 1298 1304 1299 1305 // Do Enclosures 1300 1306 
while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) { 1307 // @RawSQLUse, trivial_implementation 1301 1308 $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) ); 1302 1309 do_enclose($enclosure->post_content, $enclosure->ID); 1303 1310 } … … 1323 1330 function do_trackbacks($post_id) { 1324 1331 global $wpdb; 1325 1332 1333 // @RawSQLUse, trivial_implementation 1326 1334 $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) ); 1327 1335 $to_ping = get_to_ping($post_id); 1328 1336 $pinged = get_pung($post_id); 1329 1337 if ( empty($to_ping) ) { 1338 // @RawSQLUse, method_exists 1330 1339 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) ); 1331 1340 return; 1332 1341 } -
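Review bot: The tag at new line 1300 labels the `_pingme` delete as `trivial_implementation`, the same label given to the prepared `_encloseme` delete below it, although the first statement interpolates `{$ping->ID}` straight into the SQL string. `$ping` comes from the `get_row()` call in the loop header, so the value is presumably a database integer, but the two statements should not differ; I would write the first as `$wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_pingme';", $ping->ID) );`. The two `SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta}` queries in the `while` conditions are raw SQL too and carry no tag.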
wp-includes/functions.php
407 407 function get_alloptions() { 408 408 global $wpdb; 409 409 $show = $wpdb->hide_errors(); 410 // @RawSQLUse, trivial_implementation 410 411 if ( !$options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) 412 // @RawSQLUse, trivial_implementation 411 413 $options = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); 412 414 $wpdb->show_errors($show); 413 415 … … 441 443 442 444 if ( !$alloptions ) { 443 445 $suppress = $wpdb->suppress_errors(); 446 // @RawSQLUse, trivial_implementation 444 447 if ( !$alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options WHERE autoload = 'yes'" ) ) 448 // @RawSQLUse, trivial_implementation 445 449 $alloptions_db = $wpdb->get_results( "SELECT option_name, option_value FROM $wpdb->options" ); 446 450 $wpdb->suppress_errors($suppress); 447 451 $alloptions = array(); … … 514 518 wp_cache_set( $option_name, $newvalue, 'options' ); 515 519 } 516 520 521 // @RawSQLUse, method_exists 517 522 $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) ); 518 523 if ( $wpdb->rows_affected == 1 ) { 519 524 do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); … … 581 586 wp_cache_set( 'notoptions', $notoptions, 'options' ); 582 587 } 583 588 589 // @RawSQLUse, method_exists 584 590 $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) ); 585 591 586 592 do_action( "add_option_{$name}", $name, $value ); … … 604 610 605 611 // Get the ID, if no ID then return 606 612 // expected_slashed ($name) 613 // @RawSQLUse, trivial_implementation 607 614 $option = $wpdb->get_row( "SELECT option_id, autoload FROM $wpdb->options WHERE option_name = '$name'" ); 608 615 if ( is_null($option) || !$option->option_id ) 609 616 return false; 610 617 // expected_slashed ($name) 
618 // @RawSQLUse, trivial_implementation 611 619 $wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" ); 612 620 if ( 'yes' == $option->autoload ) { 613 621 $alloptions = wp_load_alloptions(); … … 994 1002 $allowed_types = array( 'video', 'audio' ); 995 1003 if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { 996 1004 $meta_value = "$url\n$len\n$type\n"; 1005 // @RawSQLUse, method_exists 997 1006 $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` ) 998 1007 VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) ); 999 1008 } … … 1537 1546 return true; 1538 1547 1539 1548 $suppress = $wpdb->suppress_errors(); 1549 // @RawSQLUse, trivial_implementation 1540 1550 $installed = $wpdb->get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl'" ); 1541 1551 $wpdb->suppress_errors($suppress); 1542 1552 -
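Review bot: In the option-delete hunk the queries tagged at new lines 613 and 618 build their WHERE clause as `option_name = '$name'` with no `prepare()` call, and the only protection visible is the existing `// expected_slashed ($name)` comment, which means the caller is trusted to have escaped the value. Giving them the same `trivial_implementation` label as the prepared queries elsewhere in the patch hides that difference. I would record it in the tag, e.g. `// @RawSQLUse, trivial_implementation; unprepared, relies on slashed $name`, or change both to the prepared form such as `$wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->options WHERE option_name = %s", $name ) );` once the function unslashes its argument. The function signature is outside the hunk, so the caller contract is inferred from that comment alone.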
wp-includes/user.php
154 154 global $wpdb; 155 155 if ( !$user ) 156 156 $user = $wpdb->escape($_COOKIE[USER_COOKIE]); 157 // @RawSQLUse, trivial_implementation 157 158 return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) ); 158 159 } 159 160 … … 308 309 $meta_value = trim( $meta_value ); 309 310 310 311 if ( ! empty($meta_value) ) 312 // @RawSQLUse, trivial_implementation 311 313 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $user_id, $meta_key, $meta_value) ); 312 314 else 315 // @RawSQLUse, trivial_implementation 313 316 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 314 317 315 318 wp_cache_delete($user_id, 'users'); … … 397 400 if (empty($meta_value)) { 398 401 return delete_usermeta($user_id, $meta_key); 399 402 } 400 403 // @RawSQLUse, trivial_implementation 401 404 $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) ); 402 405 if ( !$cur ) { 406 // @RawSQLUse, method_exists 403 407 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value ) 404 408 VALUES 405 409 ( %d, %s, %s )", $user_id, $meta_key, $meta_value) ); 406 410 } else if ( $cur->meta_value != $meta_value ) { 411 // @RawSQLUse, method_exists 407 412 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) ); 408 413 } else { 409 414 return false; … … 575 580 global $wpdb; 576 581 577 582 $show = $wpdb->hide_errors(); 583 // @RawSQLUse, trivial_implementation 578 584 $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user->ID)); 579 585 $wpdb->show_errors($show); 580 586 -
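Review bot: The query tagged at new line 157 interpolates `$field` as a column name in `SELECT $field FROM $wpdb->users WHERE user_login = %s`, and `prepare()` cannot bind identifiers, so `trivial_implementation` understates what a replacement has to do. Any helper that replaces this call needs to check `$field` against a fixed list of column names before building the SQL; where `$field` comes from is not visible because the function starts outside the hunk. The line above also passes `$_COOKIE[USER_COOKIE]` through `$wpdb->escape()` before handing it to `prepare()` as `%s`, which looks like the value is escaped twice. That is worth confirming, since a login containing a quote would then fail to match.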
wp-includes/rewrite.php
782 782 global $wpdb; 783 783 784 784 //get pages in order of hierarchy, i.e. children after parents 785 // @RawSQLUse, trivial_implementation 785 786 $posts = get_page_hierarchy($wpdb->get_results("SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'page'")); 786 787 //now reverse it, because we need parents after children for rewrite rules to work properly 787 788 $posts = array_reverse($posts, true); … … 795 796 foreach ($posts as $id => $post) { 796 797 // URL => page name 797 798 $uri = get_page_uri($id); 799 // @RawSQLUse, trivial_implementation 798 800 $attachments = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent = %d", $id )); 799 801 if ( $attachments ) { 800 802 foreach ( $attachments as $attachment ) { -
wp-includes/general-template.php
422 422 } 423 423 if ( !empty($author_name) ) { 424 424 // We do a direct query here because we don't cache by nicename. 425 // @RawSQLUse, trivial_implementation 425 426 $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name)); 426 427 } 427 428 … … 510 511 511 512 if ( intval($p) || '' != $name ) { 512 513 if ( !$p ) 514 // @RawSQLUse, trivial_implementation 513 515 $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name)); 514 516 $post = & get_post($p); 515 517 $title = $post->post_title; -
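--- a/wp-includes/canonical.php
+++ b/wp-includes/canonical.php
@@ -68,6 +68,7 @@
 
 if ( is_singular() && 1 > $wp_query->post_count && ($id = get_query_var('p')) ) {
 
+// @RawSQLUse, trivial_implementation
 $vars = $wpdb->get_results( $wpdb->prepare("SELECT post_type, post_parent FROM $wpdb->posts WHERE ID = %d", $id) );
 
 if ( isset($vars[0]) && $vars = $vars[0] ) {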
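--- a/wp-includes/deprecated.php
+++ b/wp-includes/deprecated.php
@@ -1120,6 +1120,7 @@
 _deprecated_function(__FUNCTION__, '0.0' );
 
 if ( $count )
+// @RawSQLUse, trivial_implementation
 $counts = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->links");
 
 $javascript = "<a href=\"#\" onclick=\"javascript:window.open('$file?popup=1', '_blank', 'width=$width,height=$height,scrollbars=yes,status=no'); return false\">";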
wp-includes/pluggable.php
164 164 if ( false !== $user ) 165 165 return $user; 166 166 167 // @RawSQLUse, trivial_implementation 167 168 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $user_login)) ) 168 169 return false; 169 170 … … 194 195 if ( false !== $user ) 195 196 return $user; 196 197 198 // @RawSQLUse, trivial_implementation 197 199 if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_email = %s", $email)) ) 198 200 return false; 199 201 … … 1444 1451 global $wpdb; 1445 1452 1446 1453 $hash = wp_hash_password($password); 1454 // @RawSQLUse, method_exists 1447 1455 $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id); 1448 1456 $wpdb->query($query); 1449 1457 wp_cache_delete($user_id, 'users'); -
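--- a/wp-includes/rss.php
+++ b/wp-includes/rss.php
@@ -715,8 +715,10 @@
 $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts';
 
 // shouldn't these be using get_option() ?
+// @RawSQLUse, trivial_implementation
 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) )
 add_option($cache_option, '', '', 'no');
+// @RawSQLUse, trivial_implementation
 if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) )
 add_option($cache_timestamp, '', '', 'no');
 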
xmlrpc.php
2273 2273 global $wpdb; 2274 2274 2275 2275 // find any unattached files 2276 // @RawSQLUse, trivial_implementation 2276 2277 $attachments = $wpdb->get_results( "SELECT ID, guid FROM {$wpdb->posts} WHERE post_parent = '-1' AND post_type = 'attachment'" ); 2277 2278 if( is_array( $attachments ) ) { 2278 2279 foreach( $attachments as $file ) { 2279 2280 if( strpos( $post_content, $file->guid ) !== false ) { 2281 // @RawSQLUse, method_exists 2280 2282 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) ); 2281 2283 } 2282 2284 } … … 2852 2854 2853 2855 if(!empty($data["overwrite"]) && ($data["overwrite"] == true)) { 2854 2856 // Get postmeta info on the object. 2857 // @RawSQLUse, trivial_implementation 2855 2858 $old_file = $wpdb->get_row(" 2856 2859 SELECT ID 2857 2860 FROM {$wpdb->posts} … … 3126 3129 return new IXR_Error(404, __('Sorry, no such post.')); 3127 3130 } 3128 3131 3132 // @RawSQLUse, trivial_implementation 3129 3133 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 3130 3134 3131 3135 if (!$comments) { … … 3250 3254 } elseif (is_string($urltest['fragment'])) { 3251 3255 // ...or a string #title, a little more complicated 3252 3256 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']); 3257 // @RawSQLUse, trivial_implementation 3253 3258 $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title); 3254 3259 if (! ($post_ID = $wpdb->get_var($sql)) ) { 3255 3260 // returning unknown error '0' is better than die()ing … … 3279 3284 return new IXR_Error(33, __('The specified target URL cannot be used as a target. 
It either doesn\'t exist, or it is not a pingback-enabled resource.')); 3280 3285 3281 3286 // Let's check that the remote site didn't already pingback this entry 3287 // @RawSQLUse, trivial_implementation 3282 3288 $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) ); 3283 3289 3284 3290 if ( $wpdb->num_rows ) // We already have a Pingback from this URL … … 3394 3400 return new IXR_Error(32, __('The specified target URL does not exist.')); 3395 3401 } 3396 3402 3403 // @RawSQLUse, trivial_implementation 3397 3404 $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) ); 3398 3405 3399 3406 if (!$comments) { -
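Review bot: The tag at new line 3257 marks `SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s` as `trivial_implementation`, but this is a regular-expression match rather than an equality lookup, and the pattern is built from `$urltest['fragment']`, which presumably derives from the target URL supplied in the request. The `preg_replace` above turns every non-alphanumeric character into `.`, so the value is bound safely yet still matches loosely and cannot use an index on `post_title`. I would give it its own category, or at least extend the tag to `// @RawSQLUse, trivial_implementation; RLIKE on a request-derived pattern, not an exact match`. The enclosing method begins outside the hunk.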
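--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -97,6 +97,7 @@
 $comment_content = "<strong>$title</strong>\n\n$excerpt";
 $comment_type = 'trackback';
 
+// @RawSQLUse, trivial_implementation
 $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
 if ( $dupe )
 trackback_response(1, 'We already have a ping from that URL for this post.');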
wp-admin/update-links.php
18 18 if ( !get_option('use_linksupdate') ) 19 19 wp_die(__('Feature disabled.')); 20 20 21 // @RawSQLUse, trivial_implementation 21 22 $link_uris = $wpdb->get_col("SELECT link_url FROM $wpdb->links"); 22 23 23 24 if ( !$link_uris ) … … 50 51 foreach ($returns as $return) : 51 52 $time = substr($return, 0, 19); 52 53 $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return); 54 // @RawSQLUse, method_exists 53 55 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) ); 54 56 endforeach; 55 57 -
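--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -34,6 +34,7 @@
 $deleted = $approved = $unapproved = $spammed = 0;
 foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each
 $comment_id = (int) $comment_id;
+// @RawSQLUse, trivial_implementation
 $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) );
 
 if ( !current_user_can('edit_post', $_post_id) )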
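--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -606,6 +606,7 @@
 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 die('-1');
 
+// @RawSQLUse, trivial_implementation
 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status) )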
wp-admin/includes/bookmark.php
83 83 84 84 wp_delete_object_term_relationships( $link_id, 'link_category' ); 85 85 86 // @RawSQLUse, trivial_implementation 86 87 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->links WHERE link_id = %d", $link_id ) ); 87 88 88 89 do_action( 'deleted_link', $link_id ); … … 186 187 } 187 188 188 189 if ( $update ) { 190 // @RawSQLUse, method_exists 189 191 if ( false === $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->links SET link_url = %s, 190 192 link_name = %s, link_image = %s, link_target = %s, 191 193 link_visible = %s, link_description = %s, link_rating = %s, … … 197 199 return 0; 198 200 } 199 201 } else { 202 // @RawSQLUse, method_exists 200 203 if ( false === $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", 201 204 $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss ) ) ) { 202 205 if ( $wp_error ) -
wp-admin/includes/post.php
257 257 } 258 258 259 259 if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) { 260 // @RawSQLUse, trivial_implementation 260 261 $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'"); 261 262 $children = array(); 262 263 … … 417 418 $post_date = $wpdb->prepare("AND post_date = %s", $post_date); 418 419 419 420 if (!empty ($title)) 421 // @RawSQLUse, trivial_implementation 420 422 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) ); 421 423 else 422 424 if (!empty ($content)) 425 // @RawSQLUse, trivial_implementation 423 426 return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) ); 424 427 425 428 return 0; … … 566 569 567 570 wp_cache_delete($post_ID, 'post_meta'); 568 571 572 // @RawSQLUse, method_exists 569 573 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)", $post_ID, $metakey, $metavalue) ); 570 574 return $wpdb->insert_id; 571 575 } … … 621 625 global $wpdb; 622 626 $mid = (int) $mid; 623 627 628 // @RawSQLUse, trivial_implementation 624 629 $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) ); 625 630 if ( is_serialized_string( $meta->meta_value ) ) 626 631 $meta->meta_value = maybe_unserialize( $meta->meta_value ); … … 664 669 if ( in_array($meta_key, $protected) ) 665 670 return false; 666 671 672 // @RawSQLUse, trivial_implementation 667 673 $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $meta_id) ); 668 674 wp_cache_delete($post_id, 'post_meta'); 669 675 … … 743 749 global $wpdb; 744 750 $old_ID = (int) $old_ID; 745 751 $new_ID = (int) $new_ID; 752 // @RawSQLUse, method_exists 746 753 return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) 
); 747 754 } 748 755 -
wp-admin/includes/upgrade.php
95 95 // Default category 96 96 $cat_name = $wpdb->escape(__('Uncategorized')); 97 97 $cat_slug = sanitize_title(_c('Uncategorized|Default category slug')); 98 // @RawSQLUse, method_exists 98 99 $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 100 // @RawSQLUse, method_exists 99 101 $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')"); 100 102 101 103 // Default link category 102 104 $cat_name = $wpdb->escape(__('Blogroll')); 103 105 $cat_slug = sanitize_title(_c('Blogroll|Default link category slug')); 106 // @RawSQLUse, method_exists 104 107 $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); 108 // @RawSQLUse, method_exists 105 109 $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')"); 106 110 107 111 // Now drop in some default links 112 // @RawSQLUse, method_exists 108 113 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');"); 114 // @RawSQLUse, method_exists 109 115 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" ); 110 116 117 // @RawSQLUse, method_exists 111 118 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');"); 119 // @RawSQLUse, method_exists 112 120 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" ); 113 121 122 // @RawSQLUse, method_exists 114 123 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest 
Ideas', 0, '', '');"); 124 // @RawSQLUse, method_exists 115 125 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" ); 116 126 127 // @RawSQLUse, method_exists 117 128 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');"); 129 // @RawSQLUse, method_exists 118 130 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" ); 119 131 132 // @RawSQLUse, method_exists 120 133 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');"); 134 // @RawSQLUse, method_exists 121 135 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" ); 122 136 137 // @RawSQLUse, method_exists 123 138 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');"); 139 // @RawSQLUse, method_exists 124 140 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" ); 125 141 142 // @RawSQLUse, method_exists 126 143 $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');"); 144 // @RawSQLUse, method_exists 127 145 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" ); 128 146 129 147 // First post 130 148 $now = date('Y-m-d H:i:s'); 131 149 $now_gmt = gmdate('Y-m-d H:i:s'); 132 150 $first_post_guid = get_option('home') . 
'/?p=1'; 151 // @RawSQLUse, method_exists 133 152 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')"); 153 // @RawSQLUse, method_exists 134 154 $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" ); 135 155 136 156 // Default comment 157 // @RawSQLUse, method_exists 137 158 $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.<br />To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')"); 138 159 139 160 // First Page 140 161 $first_post_guid = get_option('home') . '/?page_id=2'; 162 // @RawSQLUse, method_exists 141 163 $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. 
You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')"); 142 164 } 143 165 endif; … … 292 314 global $wpdb; 293 315 294 316 // Get the title and ID of every post, post_name to check if it already has a value 317 // @RawSQLUse, trivial_implementation 295 318 $posts = $wpdb->get_results("SELECT ID, post_title, post_name FROM $wpdb->posts WHERE post_name = ''"); 296 319 if ($posts) { 297 320 foreach($posts as $post) { 298 321 if ('' == $post->post_name) { 299 322 $newtitle = sanitize_title($post->post_title); 323 // @RawSQLUse, method_exists 300 324 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) ); 301 325 } 302 326 } 303 327 } 304 328 329 // @RawSQLUse, trivial_implementation 305 330 $categories = $wpdb->get_results("SELECT cat_ID, cat_name, category_nicename FROM $wpdb->categories"); 306 331 foreach ($categories as $category) { 307 332 if ('' == $category->category_nicename) { 308 333 $newtitle = sanitize_title($category->cat_name); 334 // @RawSQLUse, method_exists 309 335 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) ); 310 336 } 311 337 } … … 324 350 $catwhere = ''; 325 351 endif; 326 352 353 // @RawSQLUse, trivial_implementation 327 354 $allposts = $wpdb->get_results("SELECT ID, post_category FROM $wpdb->posts WHERE post_category != '0' $catwhere"); 328 355 if ($allposts) : 329 356 foreach ($allposts as $post) { 330 357 // Check to see if it's already been imported 358 // @RawSQLUse, trivial_implementation 331 359 $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); 332 360 if (!$cat && 0 != 
$post->post_category) { // If there's no result 361 // @RawSQLUse, method_exists 333 362 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat 334 363 (post_id, category_id) 335 364 VALUES (%s, %s) … … 366 395 global $wpdb; 367 396 368 397 // Set user_nicename. 398 // @RawSQLUse, trivial_implementation 369 399 $users = $wpdb->get_results("SELECT ID, user_nickname, user_nicename FROM $wpdb->users"); 370 400 foreach ($users as $user) { 371 401 if ('' == $user->user_nicename) { 372 402 $newname = sanitize_title($user->user_nickname); 403 // @RawSQLUse, method_exists 373 404 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) ); 374 405 } 375 406 } 376 407 408 // @RawSQLUse, trivial_implementation 377 409 $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users"); 378 410 foreach ($users as $row) { 379 411 if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) { 412 // @RawSQLUse, method_exists 380 413 $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\''); 381 414 } 382 415 } … … 426 459 global $wpdb; 427 460 428 461 // Remove extraneous backslashes. 462 // @RawSQLUse, trivial_implementation 429 463 $posts = $wpdb->get_results("SELECT ID, post_title, post_content, post_excerpt, guid, post_date, post_name, post_status, post_author FROM $wpdb->posts"); 430 464 if ($posts) { 431 465 foreach($posts as $post) { … … 436 470 $guid = get_permalink($post->ID); 437 471 else 438 472 $guid = $post->guid; 439 473 // @RawSQLUse, method_exists 440 474 $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'"); 441 475 } 442 476 } 443 477 444 478 // Remove extraneous backslashes. 
479 // @RawSQLUse, trivial_implementation 445 480 $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments"); 446 481 if ($comments) { 447 482 foreach($comments as $comment) { 448 483 $comment_content = addslashes(deslash($comment->comment_content)); 449 484 $comment_author = addslashes(deslash($comment->comment_author)); 485 // @RawSQLUse, method_exists 450 486 $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'"); 451 487 } 452 488 } 453 489 454 490 // Remove extraneous backslashes. 491 // @RawSQLUse, trivial_implementation 455 492 $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links"); 456 493 if ($links) { 457 494 foreach($links as $link) { 458 495 $link_name = addslashes(deslash($link->link_name)); 459 496 $link_description = addslashes(deslash($link->link_description)); 497 // @RawSQLUse, method_exists 460 498 $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'"); 461 499 } 462 500 } 463 501 464 502 // The "paged" option for what_to_show is no more. 503 // @RawSQLUse, trivial_implementation 465 504 if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') { 505 // @RawSQLUse, method_exists 466 506 $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'"); 467 507 } 468 508 … … 476 516 } 477 517 478 518 // Obsolete tables 519 // @RawSQLUse, trivial_implementation 479 520 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optionvalues'); 521 // @RawSQLUse, trivial_implementation 480 522 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiontypes'); 523 // @RawSQLUse, trivial_implementation 481 524 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 
'optiongroups'); 525 // @RawSQLUse, trivial_implementation 482 526 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'optiongroup_options'); 483 527 484 528 // Update comments table to use comment_type … … 509 553 510 554 populate_roles_160(); 511 555 556 // @RawSQLUse, method_exists 512 557 $users = $wpdb->get_results("SELECT * FROM $wpdb->users"); 513 558 foreach ( $users as $user ) : 514 559 if ( !empty( $user->user_firstname ) ) … … 539 584 if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; 540 585 if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; 541 586 if (!$idmode) $id = $user->user_nickname; 587 // @RawSQLUse, method_exists 542 588 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) ); 543 589 endif; 544 590 … … 554 600 $old_user_fields = array( 'user_firstname', 'user_lastname', 'user_icq', 'user_aim', 'user_msn', 'user_yim', 'user_idmode', 'user_ip', 'user_domain', 'user_browser', 'user_description', 'user_nickname', 'user_level' ); 555 601 $wpdb->hide_errors(); 556 602 foreach ( $old_user_fields as $old ) 603 // @RawSQLUse, trivial_implementation 557 604 $wpdb->query("ALTER TABLE $wpdb->users DROP $old"); 558 605 $wpdb->show_errors(); 559 606 … … 561 608 $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" ); 562 609 if( is_array( $comments ) ) { 563 610 foreach ($comments as $comment) { 611 // @RawSQLUse, method_exists 564 612 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) ); 565 613 } 566 614 } … … 568 616 // Some alpha versions used a post status of object instead of attachment and put 569 617 // the mime type in post_type instead of post_mime_type. 
570 618 if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { 619 // @RawSQLUse, trivial_implementation 571 620 $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); 572 621 foreach ($objects as $object) { 622 // @RawSQLUse, method_exists 573 623 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment', 574 624 post_mime_type = %s, 575 625 post_type = '' … … 592 642 593 643 if ( $wp_current_db_version < 3506 ) { 594 644 // Update status and type. 645 // @RawSQLUse, trivial_implementation 595 646 $posts = $wpdb->get_results("SELECT ID, post_status FROM $wpdb->posts"); 596 647 597 648 if ( ! empty($posts) ) foreach ($posts as $post) { … … 605 656 $status = 'inherit'; 606 657 $type = 'attachment'; 607 658 } 608 659 // @RawSQLUse, method_exists 609 660 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) ); 610 661 } 611 662 } … … 617 668 if ( $wp_current_db_version < 3531 ) { 618 669 // Give future posts a post_status of future. 619 670 $now = gmdate('Y-m-d H:i:59'); 671 // @RawSQLUse, method_exists 620 672 $wpdb->query ("UPDATE $wpdb->posts SET post_status = 'future' WHERE post_status = 'publish' AND post_date_gmt > '$now'"); 621 673 674 // @RawSQLUse, method_exists 622 675 $posts = $wpdb->get_results("SELECT ID, post_date FROM $wpdb->posts WHERE post_status ='future'"); 623 676 if ( !empty($posts) ) 624 677 foreach ( $posts as $post ) … … 651 704 $term_group = 0; 652 705 653 706 // Associate terms with the same slug in a term group and make slugs unique. 707 // @RawSQLUse, trivial_implementation 654 708 if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 655 709 $term_group = $exists[0]->term_group; 656 710 $id = $exists[0]->term_id; … … 658 712 do { 659 713 $alt_slug = $slug . 
"-$num"; 660 714 $num++; 715 // @RawSQLUse, trivial_implementation 661 716 $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) ); 662 717 } while ( $slug_check ); 663 718 … … 665 720 666 721 if ( empty( $term_group ) ) { 667 722 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1; 723 // @RawSQLUse, method_exists 668 724 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) ); 669 725 } 670 726 } 671 727 // @RawSQLUse, method_exists 672 728 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES 673 729 (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) ); 674 730 … … 676 732 if ( !empty($category->category_count) ) { 677 733 $count = (int) $category->category_count; 678 734 $taxonomy = 'category'; 735 // @RawSQLUse, method_exists 679 736 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 680 737 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 681 738 } … … 683 740 if ( !empty($category->link_count) ) { 684 741 $count = (int) $category->link_count; 685 742 $taxonomy = 'link_category'; 743 // @RawSQLUse, method_exists 686 744 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 687 745 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 688 746 } … … 691 749 $have_tags = true; 692 750 $count = (int) $category->tag_count; 693 751 $taxonomy = 'post_tag'; 752 // @RawSQLUse, method_exists 694 753 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, 
$count) ); 695 754 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 696 755 } … … 698 757 if ( empty($count) ) { 699 758 $count = 0; 700 759 $taxonomy = 'category'; 760 // @RawSQLUse, method_exists 701 761 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) ); 702 762 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; 703 763 } … … 718 778 if ( empty($tt_id) ) 719 779 continue; 720 780 781 // @RawSQLUse, method_exists 721 782 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) ); 722 783 } 723 784 … … 728 789 $link_cat_id_map = array(); 729 790 $default_link_cat = 0; 730 791 $tt_ids = array(); 792 // @RawSQLUse, trivial_implementation 731 793 $link_cats = $wpdb->get_results("SELECT cat_id, cat_name FROM " . $wpdb->prefix . 'linkcategories'); 732 794 foreach ( $link_cats as $category) { 733 795 $cat_id = (int) $category->cat_id; … … 737 799 $term_group = 0; 738 800 739 801 // Associate terms with the same slug in a term group and make slugs unique. 
802 // @RawSQLUse, trivial_implementation 740 803 if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) { 741 804 $term_group = $exists[0]->term_group; 742 805 $term_id = $exists[0]->term_id; 743 806 } 744 807 745 808 if ( empty($term_id) ) { 809 // @RawSQLUse, method_exists 746 810 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) ); 747 811 $term_id = (int) $wpdb->insert_id; 748 812 } 749 813 750 814 $link_cat_id_map[$cat_id] = $term_id; 751 815 $default_link_cat = $term_id; 752 816 817 // @RawSQLUse, method_exists 753 818 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) ); 754 819 $tt_ids[$term_id] = (int) $wpdb->insert_id; 755 820 } 756 821 757 822 // Associate links to cats. 823 // @RawSQLUse, trivial_implementation 758 824 $links = $wpdb->get_results("SELECT link_id, link_category FROM $wpdb->links"); 759 825 if ( !empty($links) ) foreach ( $links as $link ) { 760 826 if ( 0 == $link->link_category ) … … 766 832 if ( empty($tt_id) ) 767 833 continue; 768 834 835 // @RawSQLUse, method_exists 769 836 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) ); 770 837 } 771 838 … … 781 848 if ( empty($tt_id) ) 782 849 continue; 783 850 851 // @RawSQLUse, method_exists 784 852 $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) ); 785 853 } 786 854 } 787 855 788 856 if ( $wp_current_db_version < 4772 ) { 789 857 // Obsolete linkcategories table 858 // @RawSQLUse, trivial_implementation 790 859 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 
'linkcategories'); 791 860 } 792 861 793 862 // Recalculate all counts 863 // @RawSQLUse, trivial_implementation 794 864 $terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy"); 795 865 foreach ( (array) $terms as $term ) { 796 866 if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) ) 797 867 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); 798 868 else 799 869 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) ); 870 // @RawSQLUse, method_exists 800 871 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) ); 801 872 } 802 873 } … … 811 882 $old_options_fields = array( 'option_can_override', 'option_type', 'option_width', 'option_height', 'option_description', 'option_admin_level' ); 812 883 $wpdb->hide_errors(); 813 884 foreach ( $old_options_fields as $old ) 885 // @RawSQLUse, trivial_implementation 814 886 $wpdb->query("ALTER TABLE $wpdb->options DROP $old"); 815 887 $wpdb->show_errors(); 816 888 } … … 822 894 */ 823 895 function upgrade_230_old_tables() { 824 896 global $wpdb; 897 // @RawSQLUse, trivial_implementation 825 898 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'categories'); 899 // @RawSQLUse, trivial_implementation 826 900 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 'link2cat'); 901 // @RawSQLUse, trivial_implementation 827 902 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . 
'post2cat'); 828 903 } 829 904 … … 835 910 function upgrade_old_slugs() { 836 911 // upgrade people who were using the Redirect Old Slugs plugin 837 912 global $wpdb; 913 // @RawSQLUse, method_exists 838 914 $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '_wp_old_slug' WHERE meta_key = 'old_slug'"); 839 915 } 840 916 … … 872 948 function upgrade_252() { 873 949 global $wpdb; 874 950 951 // @RawSQLUse, method_exists 875 952 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = ''"); 876 953 } 877 954 … … 905 982 906 983 // Update post_date for unpublished posts with empty timestamp 907 984 if ( $wp_current_db_version < 8921 ) 985 // @RawSQLUse, method_exists 908 986 $wpdb->query( "UPDATE $wpdb->posts SET post_date = post_modified WHERE post_date = '0000-00-00 00:00:00'" ); 909 987 } 910 988 … … 926 1004 */ 927 1005 function maybe_create_table($table_name, $create_ddl) { 928 1006 global $wpdb; 1007 // @RawSQLUse, trivial_implementation 929 1008 if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) 930 1009 return true; 931 1010 //didn't find it try to create it. 932 1011 $q = $wpdb->query($create_ddl); 933 1012 // we cannot directly tell that whether this succeeded! 
1013 // @RawSQLUse, trivial_implementation 934 1014 if ( $wpdb->get_var("SHOW TABLES LIKE '$table_name'") == $table_name ) 935 1015 return true; 936 1016 return false; … … 950 1030 function drop_index($table, $index) { 951 1031 global $wpdb; 952 1032 $wpdb->hide_errors(); 1033 // @RawSQLUse, trivial_implementation 953 1034 $wpdb->query("ALTER TABLE `$table` DROP INDEX `$index`"); 954 1035 // Now we need to take out all the extra ones we may have created 955 1036 for ($i = 0; $i < 25; $i++) { 1037 // @RawSQLUse, trivial_implementation 956 1038 $wpdb->query("ALTER TABLE `$table` DROP INDEX `{$index}_$i`"); 957 1039 } 958 1040 $wpdb->show_errors(); … … 1011 1093 */ 1012 1094 function get_alloptions_110() { 1013 1095 global $wpdb; 1096 // @RawSQLUse, trivial_implementation 1014 1097 if ($options = $wpdb->get_results("SELECT option_name, option_value FROM $wpdb->options")) { 1015 1098 foreach ($options as $option) { 1016 1099 // "When trying to design a foolproof system, … … 1044 1127 return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) ); 1045 1128 } 1046 1129 1130 // @RawSQLUse, trivial_implementation 1047 1131 $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) ); 1048 1132 1049 1133 if ( 'home' == $setting && '' == $option ) … … 1131 1215 } 1132 1216 1133 1217 // Check to see which tables and fields exist 1218 // @RawSQLUse, trivial_implementation 1134 1219 if($tables = $wpdb->get_col('SHOW TABLES;')) { 1135 1220 // For every table in the database 1136 1221 foreach($tables as $table) { … … 1177 1262 } 1178 1263 1179 1264 // Fetch the table column structure from the database 1265 // @RawSQLUse, trivial_implementation 1180 1266 $tablefields = $wpdb->get_results("DESCRIBE {$table};"); 1181 1267 1182 1268 // For every field in the table … … 1217 1303 // For every remaining field specified for the table 1218 1304 foreach($cfields as $fieldname => $fielddef) { 1219 1305 // Push a query line into 
$cqueries that adds the field to that table 1306 // @RawSQLUse, trivial_implementation 1220 1307 $cqueries[] = "ALTER TABLE {$table} ADD COLUMN $fielddef"; 1221 1308 $for_update[$table.'.'.$fieldname] = 'Added column '.$table.'.'.$fieldname; 1222 1309 } 1223 1310 1224 1311 // Index stuff goes here 1225 1312 // Fetch the table index structure from the database 1313 // @RawSQLUse, trivial_implementation 1226 1314 $tableindices = $wpdb->get_results("SHOW INDEX FROM {$table};"); 1227 1315 1228 1316 if($tableindices) { -
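Review bot: The `// @RawSQLUse, method_exists` tag added at new line 412 labels a query that concatenates `$row->user_pass` and `$row->ID` into the SQL string with no `$wpdb->prepare()` or escaping, yet it carries the same label as the prepared `UPDATE` statements in this file. A stored value containing a quote would break or change that statement, and a reader scanning the annotations cannot tell which raw-SQL sites are already parameterised. The same gap applies to the `'$table_name'` interpolation in `maybe_create_table` (new lines 1008 and 1014) and the table and index names in `drop_index` (new lines 1034 and 1038). Consider adding a marker to the tag for these sites, for example `// @RawSQLUse, method_exists, unprepared`, so they can be found mechanically. Most of the enclosing functions start or end outside the visible hunks.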
wp-admin/includes/schema.php
311 311 // Set up a few options not to load by default 312 312 $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' ); 313 313 foreach ($fatoptions as $fatoption) : 314 // @RawSQLUse, method_exists 314 315 $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'"); 315 316 endforeach; 316 317 } -
wp-admin/includes/comment.php
19 19 function comment_exists($comment_author, $comment_date) { 20 20 global $wpdb; 21 21 22 // @RawSQLUse, trivial_implementation 22 23 return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments 23 24 WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) ); 24 25 } -
wp-admin/includes/template.php
1687 1687 // catch and repair bad pages 1688 1688 if ( $page->post_parent == $page->ID ) { 1689 1689 $page->post_parent = 0; 1690 // @RawSQLUse, method_exists 1690 1691 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) ); 1691 1692 clean_page_cache( $page->ID ); 1692 1693 } -
wp-admin/includes/user.php
197 197 function get_author_user_ids() { 198 198 global $wpdb; 199 199 $level_key = $wpdb->prefix . 'user_level'; 200 // @RawSQLUse, trivial_implementation 200 201 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); 201 202 } 202 203 … … 250 251 251 252 $level_key = $wpdb->prefix . 'user_level'; 252 253 254 // @RawSQLUse, trivial_implementation 253 255 $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); 254 256 if ( $exclude_zeros ) 255 257 $query .= " AND meta_value != '0'"; … … 295 297 global $wpdb; 296 298 $level_key = $wpdb->prefix . 'user_level'; 297 299 300 // @RawSQLUse, trivial_implementation 298 301 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); 299 302 } 300 303 … … 413 416 $id = (int) $id; 414 417 415 418 if ($reassign == 'novalue') { 419 // @RawSQLUse, trivial_implementation 416 420 $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); 417 421 418 422 if ($post_ids) { … … 421 425 } 422 426 423 427 // Clean links 428 // @RawSQLUse, trivial_implementation 424 429 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); 425 430 } else { 426 431 $reassign = (int) $reassign; 432 // @RawSQLUse, method_exists 427 433 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); 434 // @RawSQLUse, method_exists 428 435 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) ); 429 436 } 430 437 431 438 // FINALLY, delete user 432 439 do_action('delete_user', $id); 433 440 441 // @RawSQLUse, trivial_implementation 434 442 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) ); 443 // @RawSQLUse, trivial_implementation 435 444 $wpdb->query( 
$wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) ); 436 445 437 446 wp_cache_delete($id, 'users'); … … 628 637 * 629 638 * @since unknown 630 639 * @access public 640 * @RawSQLUse, algorithmic 631 641 */ 632 642 function prepare_query() { 633 643 global $wpdb; -
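Review bot: In the last hunk the tag is written as a docblock line, `* @RawSQLUse, algorithmic`, on `prepare_query()`, while every other site in this patch uses a `//` comment directly above the statement it describes. Placed on the function, the tag does not say which query inside it is meant, and a docblock parser may read `@RawSQLUse,` (with the trailing comma) as an unknown tag name. If the function-level form is intended, a short explanation of what `algorithmic` means would help, for example `* @RawSQLUse algorithmic - query assembled from several conditional fragments`. The body of `prepare_query()` is outside the hunk, so that wording is a guess to be confirmed.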
wp-admin/includes/export.php
296 296 <wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url> 297 297 <?php } ?> 298 298 <?php 299 // @RawSQLUse, trivial_implementation 299 300 $postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) ); 300 301 if ( $postmeta ) { 301 302 ?> … … 307 308 <?php } ?> 308 309 <?php } ?> 309 310 <?php 311 // @RawSQLUse, trivial_implementation 310 312 $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) ); 311 313 if ( $comments ) { foreach ( $comments as $c ) { ?> 312 314 <wp:comment> -
wp-admin/install-helper.php
73 73 */ 74 74 function maybe_create_table($table_name, $create_ddl) { 75 75 global $wpdb; 76 // @RawSQLUse, trivial_implementation 76 77 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 77 78 if ($table == $table_name) { 78 79 return true; … … 81 82 //didn't find it try to create it. 82 83 $wpdb->query($create_ddl); 83 84 // we cannot directly tell that whether this succeeded! 85 // @RawSQLUse, trivial_implementation 84 86 foreach ($wpdb->get_col("SHOW TABLES",0) as $table ) { 85 87 if ($table == $table_name) { 86 88 return true; … … 107 109 */ 108 110 function maybe_add_column($table_name, $column_name, $create_ddl) { 109 111 global $wpdb, $debug; 112 // @RawSQLUse, trivial_implementation 110 113 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 111 114 if ($debug) echo("checking $column == $column_name<br />"); 112 115 … … 117 120 //didn't find it try to create it. 118 121 $wpdb->query($create_ddl); 119 122 // we cannot directly tell that whether this succeeded! 123 // @RawSQLUse, trivial_implementation 120 124 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 121 125 if ($column == $column_name) { 122 126 return true; … … 141 145 */ 142 146 function maybe_drop_column($table_name, $column_name, $drop_ddl) { 143 147 global $wpdb; 148 // @RawSQLUse, trivial_implementation 144 149 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 145 150 if ($column == $column_name) { 146 151 //found it try to drop it. 147 152 $wpdb->query($drop_ddl); 148 153 // we cannot directly tell that whether this succeeded! 
154 // @RawSQLUse, trivial_implementation 149 155 foreach ($wpdb->get_col("DESC $table_name",0) as $column ) { 150 156 if ($column == $column_name) { 151 157 return false; … … 189 195 function check_column($table_name, $col_name, $col_type, $is_null = null, $key = null, $default = null, $extra = null) { 190 196 global $wpdb, $debug; 191 197 $diffs = 0; 198 // @RawSQLUse, trivial_implementation 192 199 $results = $wpdb->get_results("DESC $table_name"); 193 200 194 201 foreach ($results as $row ) { -
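Review bot: The `trivial_implementation` tags on the `DESC $table_name` calls (new lines 113, 124, 149, 155 and 199) understate the work involved, because `$table_name` is a function argument used in identifier position and `$wpdb->prepare()` placeholders bind values, not table names. Any helper that replaces these calls has to validate the name itself, for instance against a pattern such as `/^[A-Za-z0-9_]+$/` or a list of known tables. If `trivial_implementation` is meant to say that a wrapper method is easy to write, the tag could record the caveat, for example `// @RawSQLUse, trivial_implementation (identifier interpolated, validate $table_name)`. The bodies of `maybe_add_column`, `maybe_drop_column` and `check_column` continue outside the hunks.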
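--- a/wp-admin/import/btt.php
+++ b/wp-admin/import/btt.php
@@ -77,6 +77,7 @@
 echo '<p><h3>'.__('Reading Bunny’s Technorati Tags…').'</h3></p>';
 
 // import Bunny's Keywords tags
+// @RawSQLUse, trivial_implementation
 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'tags'");
 if ( !is_array($metakeys)) {
 echo '<p>' . __('No Tags Found!') . '</p>';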
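--- a/wp-admin/import/jkw.php
+++ b/wp-admin/import/jkw.php
@@ -92,6 +92,7 @@
 echo '<p><h3>'.__('Reading Jerome’s Keywords Tags…').'</h3></p>';
 
 // import Jerome's Keywords tags
+// @RawSQLUse, trivial_implementation
 $metakeys = $wpdb->get_results("SELECT post_id, meta_id, meta_key, meta_value FROM $wpdb->postmeta WHERE $wpdb->postmeta.meta_key = 'keywords'");
 if ( !is_array($metakeys)) {
 echo '<p>' . __('No Tags Found!') . '</p>';
@@ -133,6 +134,7 @@
 
 // import Jerome's Keywords tags
 $tablename = $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1);
+// @RawSQLUse, trivial_implementation
 $metakeys = $wpdb->get_results("SELECT post_id, tag_name FROM $tablename");
 if ( !is_array($metakeys) ) {
 echo '<p>' . __('No Tags Found!') . '</p>';
@@ -164,6 +166,7 @@
 /* options from V2.0a (jeromes-keywords.php) */
 $options = array('version', 'keywords_table', 'query_varname', 'template', 'meta_always_include', 'meta_includecats', 'meta_autoheader', 'search_strict', 'use_feed_cats', 'post_linkformat', 'post_tagseparator', 'post_includecats', 'post_notagstext', 'cloud_linkformat', 'cloud_tagseparator', 'cloud_includecats', 'cloud_sortorder', 'cloud_displaymax', 'cloud_displaymin', 'cloud_scalemax', 'cloud_scalemin');
 
+// @RawSQLUse, trivial_implementation
 $wpdb->query('DROP TABLE IF EXISTS ' . $wpdb->prefix . substr(get_option('jkeywords_keywords_table'), 1, -1));
 
 foreach ( $options as $o )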
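Review bot: The `trivial_implementation` tag on the `DROP TABLE IF EXISTS` statement in the last hunk, and on `SELECT post_id, tag_name FROM $tablename` in the second, is the same tag used for the fixed-string `meta_key = 'keywords'` query, although both of those build the table name by concatenating `get_option('jkeywords_keywords_table')`. Someone auditing by these annotations cannot tell a constant query from one whose identifier comes from stored option data, which the `%s` and `%d` placeholders of `prepare()` do not cover. I would mark those two sites distinctly, for example `// @RawSQLUse, trivial_implementation, table name from get_option() - validate identifier`, so that whatever replaces them is written to check the name. The same applies to the `$dbprefix` queries in wp-admin/import/dotclear.php and the `$prefix` query in wp-admin/import/textpattern.php.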
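--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -44,6 +44,7 @@
 function link_exists($linkname)
 {
 global $wpdb;
+// @RawSQLUse, trivial_implementation
 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
 }
 }
@@ -228,6 +229,7 @@
 $dbprefix = get_option('dcdbprefix');
 
 // Get Categories
+// @RawSQLUse, trivial_implementation
 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'categorie', ARRAY_A);
 }
 
@@ -241,6 +243,7 @@
 
 // Get Users
 
+// @RawSQLUse, trivial_implementation
 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'user', ARRAY_A);
 }
 
@@ -266,6 +269,7 @@
 $dbprefix = get_option('dcdbprefix');
 
 // Get Comments
+// @RawSQLUse, trivial_implementation
 return $dcdb->get_results('SELECT * FROM '.$dbprefix.'comment', ARRAY_A);
 }
 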
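--- a/wp-admin/import/stp.php
+++ b/wp-admin/import/stp.php
@@ -117,6 +117,7 @@
 function get_stp_posts ( ) {
 global $wpdb;
 // read in all the posts from the STP post->tag table: should be wp_post2tag
+// @RawSQLUse, trivial_implementation
 $posts_query = "SELECT post_id, tag_name FROM " . $wpdb->prefix . "stp_tags";
 $posts = $wpdb->get_results($posts_query);
 return $posts;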
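--- a/wp-admin/import/wp-cat2tag.php
+++ b/wp-admin/import/wp-cat2tag.php
@@ -272,6 +272,7 @@
 if ( $values ) {
 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
 
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $category->count, $category->term_id) );
 }
 
@@ -280,6 +281,7 @@
 }
 
 // if tag already exists, add it to all posts in the category
+// @RawSQLUse, trivial_implementation
 if ( $tag_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $category->term_id) ) ) {
 $objects_ids = get_objects_in_term($category->term_id, 'category');
 $tag_ttid = (int) $tag_ttid;
@@ -292,6 +294,7 @@
 $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id, term_order) VALUES " . join(',', $values) . " ON DUPLICATE KEY UPDATE term_order = VALUES(term_order)");
 
 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag_ttid) );
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'post_tag'", $count, $category->term_id) );
 }
 echo __('Tag added to all posts in this category.') . " *</li>\n";
@@ -303,6 +306,7 @@
 continue;
 }
 
+// @RawSQLUse, trivial_implementation
 $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
 if ( $tt_ids ) {
 $posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
@@ -311,9 +315,11 @@
 }
 
 // Change the category to a tag.
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
 
 // Set all parents to 0 (root-level) if their parent was the converted tag
+// @RawSQLUse, method_exists
 $parents = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
 
 if ( $parents ) $clear_parents = true;
@@ -366,6 +372,7 @@
 if ( $tag = get_term( $tag_id, 'post_tag' ) ) {
 printf('<li>' . __('Converting tag <strong>%s</strong> ... '), $tag->name);
 
+// @RawSQLUse, trivial_implementation
 if ( $cat_ttid = $wpdb->get_var( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $tag->term_id) ) ) {
 $objects_ids = get_objects_in_term($tag->term_id, 'post_tag');
 $cat_ttid = (int) $cat_ttid;
@@ -381,6 +388,7 @@
 
 if ( $default_cat != $tag->term_id ) {
 $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tag->term_id) );
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_id = %d AND taxonomy = 'category'", $count, $tag->term_id) );
 }
 }
@@ -394,6 +402,7 @@
 }
 
 // Change the tag to a category.
+// @RawSQLUse, trivial_implementation
 $parent = $wpdb->get_var( $wpdb->prepare("SELECT parent FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) );
 if ( 0 == $parent || (0 < (int) $parent && $this->_category_exists($parent)) ) {
 $reset_parent = '';
@@ -401,6 +410,7 @@
 } else
 $reset_parent = ", parent = '0'";
 
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'category' $reset_parent WHERE term_id = %d AND taxonomy = 'post_tag'", $tag->term_id) );
 
 $clean_term_cache[] = $tag->term_id;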
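Review bot: The string-concatenated statements in this file carry no `@RawSQLUse` marker while the prepared ones beside them are tagged: both `INSERT INTO $wpdb->term_relationships ... VALUES " . join(',', $values)` calls, the `IN (" . join(',', $tt_ids) . ")` lookup and the two `SELECT COUNT(*)` reads. If the annotations are meant as an inventory of raw SQL, these are the call sites a reviewer most needs listed, because their safety depends on how `$values` and `$tt_ids` were built outside the visible hunks. The "simple" patch may be skipping them on purpose; even so, a placeholder tag of the project's choosing, written as `// @RawSQLUse, <tag for "no wrapper yet">`, would keep the list complete. The same gap shows for `IN ($post_ids)` in wp-admin/import/blogger.php and for the `LIMIT $start, 25` query in wp-admin/upload.php.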
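--- a/wp-admin/import/utw.php
+++ b/wp-admin/import/utw.php
@@ -187,6 +187,7 @@
 global $wpdb;
 
 // read in all the tags from the UTW tags table: should be wp_tags
+// @RawSQLUse, trivial_implementation
 $tags_query = "SELECT tag_id, tag FROM " . $wpdb->prefix . "tags";
 
 $tags = $wpdb->get_results($tags_query);
@@ -207,6 +208,7 @@
 global $wpdb;
 
 // read in all the posts from the UTW post->tag table: should be wp_post2tag
+// @RawSQLUse, trivial_implementation
 $posts_query = "SELECT tag_id, post_id FROM " . $wpdb->prefix . "post2tag";
 
 $posts = $wpdb->get_results($posts_query);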
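--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -685,6 +685,7 @@
 $host = $this->blogs[$importing_blog]['host'];
 
 // Get an array of posts => authors
+// @RawSQLUse, trivial_implementation
 $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
 $post_ids = join( ',', $post_ids );
 $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");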
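--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -38,6 +38,7 @@
 function link_exists($linkname)
 {
 global $wpdb;
+// @RawSQLUse, trivial_implementation
 return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
 }
 }
@@ -84,6 +85,7 @@
 $prefix = get_option('tpre');
 
 // Get Categories
+// @RawSQLUse, trivial_implementation
 return $txpdb->get_results('SELECT
 id,
 name,
@@ -103,6 +105,7 @@
 
 // Get Users
 
+// @RawSQLUse, trivial_implementation
 return $txpdb->get_results('SELECT
 user_id,
 name,
@@ -120,6 +123,7 @@
 $prefix = get_option('tpre');
 
 // Get Posts
+// @RawSQLUse, trivial_implementation
 return $txpdb->get_results('SELECT
 ID,
 Posted,
@@ -147,6 +151,7 @@
 $prefix = get_option('tpre');
 
 // Get Comments
+// @RawSQLUse, trivial_implementation
 return $txpdb->get_results('SELECT * FROM '.$prefix.'txp_discuss', ARRAY_A);
 }
 
@@ -157,6 +162,7 @@
 set_magic_quotes_runtime(0);
 $prefix = get_option('tpre');
 
+// @RawSQLUse, trivial_implementation
 return $txpdb->get_results('SELECT
 id,
 date,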
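--- a/wp-admin/import/wordpress.php
+++ b/wp-admin/import/wordpress.php
@@ -677,6 +677,7 @@
 $local_child_id = $this->post_ids_processed[$child_id];
 $local_parent_id = $this->post_ids_processed[$parent_id];
 if ($local_child_id and $local_parent_id) {
+// @RawSQLUse, method_exists
 $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $local_parent_id, $local_child_id));
 }
 }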
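Review bot: The `method_exists` tag above the `UPDATE {$wpdb->posts} SET post_parent` line does not say which method is meant, so the comment cannot be acted on without knowledge from outside the patch. Presumably it points at `$wpdb->update()`, which the taxonomy.php hunk already calls; if so I would spell it out, e.g. `// @RawSQLUse, method_exists: $wpdb->update()`. Naming the replacement also lets a later pass check mechanically that every `method_exists` site was converted. The enclosing function starts and ends outside this hunk.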
wp-admin/upload.php
20 20 21 21 if ( ! current_user_can('edit_posts') ) 22 22 wp_die( __('You are not allowed to scan for lost attachments.') ); 23 23 24 24 $all_posts = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'post' OR post_type = 'page'"); 25 // @RawSQLUse, trivial_implementation 25 26 $all_att = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'attachment'"); 26 27 27 28 $lost = array(); … … 117 118 } else { 118 119 $start = ( $_GET['paged'] - 1 ) * 25; 119 120 $orphans = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent < 1 LIMIT $start, 25" ); 121 // @RawSQLUse, trivial_implementation 120 122 $page_links_total = ceil($wpdb->get_var( "SELECT FOUND_ROWS()" ) / 25); 121 123 }