WordPress.org

Make WordPress Core

Changeset 10724


Ignore:
Timestamp:
03/05/2009 11:47:02 PM (9 years ago)
Author:
ryan
Message:

Add typecasting to wpdb::insert() and update(). Props filosofo. fixes #7171

Location:
trunk/wp-includes
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post.php

    r10711 r10724  
    15001500
    15011501    // expected_slashed (everything!)
    1502     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
     1502    $fields = array( 'post_author' => '%d', 'post_date' => '%s', 'post_date_gmt' => '%s', 'post_content' => '%s', 'post_content_filtered' => '%s', 'post_title' => '%s',
     1503        'post_excerpt' => '%s', 'post_status' => '%s', 'post_type' => '%s', 'comment_status' => '%s', 'ping_status' => '%s', 'post_password' => '%s', 'post_name' => '%s',
     1504        'to_ping' => '%s', 'pinged' => '%s', 'post_modified' => '%s', 'post_modified_gmt' => '%s', 'post_parent' => '%d', 'menu_order' => '%d', 'guid' => '%s' );
     1505    $data = compact( array_keys( $fields) );
     1506    $data_formats = array_values( $fields );
    15031507    $data = apply_filters('wp_insert_post_data', $data, $postarr);
    15041508    $data = stripslashes_deep( $data );
     1509    error_log(var_export($data, true));
    15051510    $where = array( 'ID' => $post_ID );
    1506 
    1507     if ($update) {
     1511    $where_formats = array('%d');
     1512
     1513    if ( $update ) {
    15081514        do_action( 'pre_post_update', $post_ID );
    1509         if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
     1515        if ( false === $wpdb->update( $wpdb->posts, $data, $where, $data_formats, $where_formats ) ) {
    15101516            if ( $wp_error )
    15111517                return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
     
    15231529            }
    15241530        }
    1525         if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
     1531        if ( false === $wpdb->insert( $wpdb->posts, $data, $data_formats ) ) {
    15261532            if ( $wp_error )
    15271533                return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);
  • trunk/wp-includes/wp-db.php

    r10721 r10724  
    700700     * @param string $table WARNING: not sanitized!
    701701     * @param array $data Should not already be SQL-escaped
     702     * @param array|string $format The format of the field values.
    702703     * @return mixed Results of $this->query()
    703704     */
    704     function insert($table, $data) {
    705         $data = $this->_escape($data);
     705    function insert($table, $data, $format = '%s') {
     706        $format = (array) $format;
    706707        $fields = array_keys($data);
    707         return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
     708        $formatted_fields = array();
     709        foreach ( $data as $field ) {
     710            $form = ( $form = array_shift($format) ) ? $form : $formatted_fields[0];
     711            $formatted_fields[] = $form;
     712        }
     713        $sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
     714        return $this->query( $this->prepare( $sql, $data) );
    708715    }
    709716
     
    716723     * @param array $data Should not already be SQL-escaped
    717724     * @param array $where A named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.  WARNING: the column names are not currently sanitized!
     725     * @param array|string $format The format of the field values.
     726     * @param array|string $where_format The format of the where field values.
    718727     * @return mixed Results of $this->query()
    719728     */
    720     function update($table, $data, $where){
    721         $data = $this->_escape($data);
     729    function update($table, $data, $where, $format = '%s', $where_format = '%s') {
     730        if ( !is_array( $where ) )
     731            return false;
     732
     733        $formats = $format = (array) $format;
    722734        $bits = $wheres = array();
    723         foreach ( (array) array_keys($data) as $k )
    724             $bits[] = "`$k` = '$data[$k]'";
    725 
    726         if ( is_array( $where ) )
    727             foreach ( $where as $c => $v )
    728                 $wheres[] = "$c = '" . $this->_escape( $v ) . "'";
    729         else
    730             return false;
    731 
    732         return $this->query( "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ) );
     735        foreach ( (array) array_keys($data) as $k ) {
     736            $form = ( $form = array_shift($formats) ) ? $form : $format[0];
     737            $bits[] = "`$k` = {$form}";
     738        }
     739
     740        $where_formats = $where_format = (array) $where_format;
     741        foreach ( $where as $c => $v ) {
     742            $form = ( $form = array_shift($where_formats) ) ? $form : $where_format[0];
     743            $wheres[] = "$c = {$form}";
     744        }
     745
     746        $sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
     747        return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
    733748    }
    734749
Note: See TracChangeset for help on using the changeset viewer.