

Timestamp:
06/27/2010 07:55:55 PM (14 years ago)
Author:
ryan
Message:

Use prepare(). Props Ben Ward.

File:
1 edited

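--- a/trunk/wp-admin/ms-edit.php
+++ b/trunk/wp-admin/ms-edit.php
@@ -287,5 +287,5 @@
                 $_POST['role'] = $newroles[ $userid ];
                 if ( $pass != '' ) {
-                    $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+                    $cap = $wpdb->get_var( $wpdb->prepare( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
                     $userdata = get_userdata($userid);
                     $_POST['pass1'] = $_POST['pass2'] = $pass;
@@ -294,5 +294,5 @@
                     edit_user( $userid );
                     if ( $cap == null )
-                        $wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+                        $wpdb->query( $wpdb->prepare( "DELETE FROM {$wpdb->usermeta} WHERE user_id = %d AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'", $userid ) );
                 }
             }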
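Review bot: Both rewritten queries (new lines 289 and 296) still interpolate `{$blog_prefix}` into the string passed to `$wpdb->prepare()`, so only `$userid` is actually bound. Where `$blog_prefix` is assigned is not visible in these hunks; if it could ever contain a quote or a `%`, it would change the SQL or be read as a format directive, so the key is better bound as well: `"... WHERE user_id = %d AND meta_key = %s AND meta_value = 'a:0:{}'", $userid, $blog_prefix . 'capabilities'`. The table name `{$wpdb->usermeta}` has to stay interpolated, since an identifier cannot be a placeholder. The enclosing loop and the origin of `$userid` lie outside the shown lines, so the `%d` cast is the only validation of it that can be confirmed here.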