WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/22/2006 12:02:00 AM (16 years ago)
Author:
ryan
Message:

Add some prophylactic int casts and quoting.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/functions-post.php

    r3709 r3740  
    366366    $postid = (int) $postid;
    367367
    368     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
     368    if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
    369369        return $post;
    370370
     
    375375    $file = get_post_meta($postid, '_wp_attached_file', true);
    376376
    377     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
    378 
    379     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
    380 
    381     $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
    382 
    383     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
     377    $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
     378
     379    $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
     380
     381    $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
     382
     383    $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
    384384
    385385    if ( ! empty($meta['thumb']) ) {
    386386        // Don't delete the thumb if another attachment uses it
    387         if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
     387        if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
    388388            @ unlink(str_replace(basename($file), $meta['thumb'], $file));
    389389    }
     
    482482    global $wpdb;
    483483
     484    $post_ID = (int) $post_ID;
     485
    484486    $sql = "SELECT category_id
    485487        FROM $wpdb->post2cat
    486         WHERE post_id = $post_ID
     488        WHERE post_id = '$post_ID'
    487489        ORDER BY category_id";
    488490
Note: See TracChangeset for help on using the changeset viewer.