Changeset 10724

Timestamp:

03/05/2009 11:47:02 PM (16 years ago)

Author:

ryan

Message:

Add typecasting to wpdb::insert() and update(). Props filosofo. fixes #7171

Location:

trunk/wp-includes

Files:

• post.php (modified) (2 diffs)
• wp-db.php (modified) (2 diffs)

trunk/wp-includes/post.php

@@ -1500 +1500 @@
 
     // expected_slashed (everything!)
-    $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
+    $fields = array( 'post_author' => '%d', 'post_date' => '%s', 'post_date_gmt' => '%s', 'post_content' => '%s', 'post_content_filtered' => '%s', 'post_title' => '%s',
+        'post_excerpt' => '%s', 'post_status' => '%s', 'post_type' => '%s', 'comment_status' => '%s', 'ping_status' => '%s', 'post_password' => '%s', 'post_name' => '%s',
+        'to_ping' => '%s', 'pinged' => '%s', 'post_modified' => '%s', 'post_modified_gmt' => '%s', 'post_parent' => '%d', 'menu_order' => '%d', 'guid' => '%s' );
+    $data = compact( array_keys( $fields) );
+    $data_formats = array_values( $fields );
     $data = apply_filters('wp_insert_post_data', $data, $postarr);
     $data = stripslashes_deep( $data );
+    error_log(var_export($data, true));
     $where = array( 'ID' => $post_ID );
-
-    if ($update) {
+    $where_formats = array('%d');
+
+    if ( $update ) {
         do_action( 'pre_post_update', $post_ID );
-        if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
+        if ( false === $wpdb->update( $wpdb->posts, $data, $where, $data_formats, $where_formats ) ) {
             if ( $wp_error )
                 return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
@@ -1523 +1529 @@
             }
         }
-        if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
+        if ( false === $wpdb->insert( $wpdb->posts, $data, $data_formats ) ) {
             if ( $wp_error )
                 return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);

trunk/wp-includes/wp-db.php

@@ -700 +700 @@
      * @param string $table WARNING: not sanitized!
      * @param array $data Should not already be SQL-escaped
+     * @param array|string $format The format of the field values.
      * @return mixed Results of $this->query()
      */
-    function insert($table, $data) {
-        $data = $this->_escape($data);
+    function insert($table, $data, $format = '%s') {
+        $format = (array) $format;
         $fields = array_keys($data);
-        return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
+        $formatted_fields = array();
+        foreach ( $data as $field ) {
+            $form = ( $form = array_shift($format) ) ? $form : $formatted_fields[0];
+            $formatted_fields[] = $form;
+        }
+        $sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
+        return $this->query( $this->prepare( $sql, $data) );
     }
 
@@ -716 +723 @@
      * @param array $data Should not already be SQL-escaped
      * @param array $where A named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.  WARNING: the column names are not currently sanitized!
+     * @param array|string $format The format of the field values.
+     * @param array|string $where_format The format of the where field values.
      * @return mixed Results of $this->query()
      */
-    function update($table, $data, $where){
-        $data = $this->_escape($data);
+    function update($table, $data, $where, $format = '%s', $where_format = '%s') {
+        if ( !is_array( $where ) )
+            return false;
+
+        $formats = $format = (array) $format;
         $bits = $wheres = array();
-        foreach ( (array) array_keys($data) as $k )
-            $bits[] = "`$k` = '$data[$k]'";
-
-        if ( is_array( $where ) )
-            foreach ( $where as $c => $v )
-                $wheres[] = "$c = '" . $this->_escape( $v ) . "'";
-        else
-            return false;
-
-        return $this->query( "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ) );
+        foreach ( (array) array_keys($data) as $k ) {
+            $form = ( $form = array_shift($formats) ) ? $form : $format[0];
+            $bits[] = "`$k` = {$form}";
+        }
+
+        $where_formats = $where_format = (array) $where_format;
+        foreach ( $where as $c => $v ) {
+            $form = ( $form = array_shift($where_formats) ) ? $form : $where_format[0];
+            $wheres[] = "$c = {$form}";
+        }
+
+        $sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
+        return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
     }