
Changeset 10724


Timestamp:
03/05/09 23:47:02 (6 years ago)
Author:
ryan
Message:

Add typecasting to wpdb::insert() and update(). Props filosofo. fixes #7171

Location:
trunk/wp-includes
Files:
2 edited

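--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -1500,12 +1500,18 @@
 
     // expected_slashed (everything!)
-    $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
+    $fields = array( 'post_author' => '%d', 'post_date' => '%s', 'post_date_gmt' => '%s', 'post_content' => '%s', 'post_content_filtered' => '%s', 'post_title' => '%s',
+        'post_excerpt' => '%s', 'post_status' => '%s', 'post_type' => '%s', 'comment_status' => '%s', 'ping_status' => '%s', 'post_password' => '%s', 'post_name' => '%s',
+        'to_ping' => '%s', 'pinged' => '%s', 'post_modified' => '%s', 'post_modified_gmt' => '%s', 'post_parent' => '%d', 'menu_order' => '%d', 'guid' => '%s' );
+    $data = compact( array_keys( $fields) );
+    $data_formats = array_values( $fields );
     $data = apply_filters('wp_insert_post_data', $data, $postarr);
     $data = stripslashes_deep( $data );
+    error_log(var_export($data, true));
     $where = array( 'ID' => $post_ID );
-
-    if ($update) {
+    $where_formats = array('%d');
+
+    if ( $update ) {
         do_action( 'pre_post_update', $post_ID );
-        if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
+        if ( false === $wpdb->update( $wpdb->posts, $data, $where, $data_formats, $where_formats ) ) {
             if ( $wp_error )
                 return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
@@ -1523,5 +1529,5 @@
             }
         }
-        if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
+        if ( false === $wpdb->insert( $wpdb->posts, $data, $data_formats ) ) {
             if ( $wp_error )
                 return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);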
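Review bot: The added `error_log(var_export($data, true));` after `stripslashes_deep()` looks like leftover debugging. It writes the full row of every saved post, including `post_password` and `post_content`, to the server error log on each insert or update, and should be removed. Separately, `$data_formats` is taken from `$fields` before the `wp_insert_post_data` filter runs, so a filter that adds, drops or reorders keys would leave the formats misaligned with `$data` by position. Building the formats from the filtered array's keys (defaulting unknown keys to `'%s'`) would avoid that. The enclosing function starts and ends outside this section.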
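--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -700,10 +700,17 @@
      * @param string $table WARNING: not sanitized!
      * @param array $data Should not already be SQL-escaped
+     * @param array|string $format The format of the field values.
      * @return mixed Results of $this->query()
      */
-    function insert($table, $data) {
-        $data = $this->_escape($data);
+    function insert($table, $data, $format = '%s') {
+        $format = (array) $format;
         $fields = array_keys($data);
-        return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
+        $formatted_fields = array();
+        foreach ( $data as $field ) {
+            $form = ( $form = array_shift($format) ) ? $form : $formatted_fields[0];
+            $formatted_fields[] = $form;
+        }
+        $sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
+        return $this->query( $this->prepare( $sql, $data) );
     }
 
@@ -716,19 +723,27 @@
      * @param array $data Should not already be SQL-escaped
      * @param array $where A named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.  WARNING: the column names are not currently sanitized!
+     * @param array|string $format The format of the field values.
+     * @param array|string $where_format The format of the where field values.
      * @return mixed Results of $this->query()
      */
-    function update($table, $data, $where){
-        $data = $this->_escape($data);
+    function update($table, $data, $where, $format = '%s', $where_format = '%s') {
+        if ( !is_array( $where ) )
+            return false;
+
+        $formats = $format = (array) $format;
         $bits = $wheres = array();
-        foreach ( (array) array_keys($data) as $k )
-            $bits[] = "`$k` = '$data[$k]'";
-
-        if ( is_array( $where ) )
-            foreach ( $where as $c => $v )
-                $wheres[] = "$c = '" . $this->_escape( $v ) . "'";
-        else
-            return false;
-
-        return $this->query( "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ) );
+        foreach ( (array) array_keys($data) as $k ) {
+            $form = ( $form = array_shift($formats) ) ? $form : $format[0];
+            $bits[] = "`$k` = {$form}";
+        }
+
+        $where_formats = $where_format = (array) $where_format;
+        foreach ( $where as $c => $v ) {
+            $form = ( $form = array_shift($where_formats) ) ? $form : $where_format[0];
+            $wheres[] = "$c = {$form}";
+        }
+
+        $sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
+        return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
     }
 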
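Review bot: The format strings are spliced into the statement verbatim before prepare() runs (`$formatted_fields[] = $form;` in insert(), `$wheres[] = "$c = {$form}";` and the matching `$bits[]` line in update()), so any entry in `$format` or `$where_format` that is not a placeholder becomes raw SQL. Restricting each entry to the supported placeholders, e.g. `if ( ! in_array( $form, array( '%d', '%s' ), true ) ) $form = '%s';`, would stop a mistaken or externally influenced format from altering the query. It would also cover an empty `$format` array, where insert() currently falls back to an unset `$formatted_fields[0]`. Formats are matched to values purely by position, and a short list silently reuses the first entry; the new `@param` lines for `$format` and `$where_format` should say so. insert() wraps its placeholders in single quotes while update() leaves them bare; prepare() is not shown here, so it is worth confirming both shapes end up quoted correctly.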