Changeset 41662 for trunk/src/wp-includes/wp-db.php

Timestamp:

10/02/2017 02:10:14 AM (8 years ago)

Author:

pento

Message:

Database: Throw a notice if wpdb::prepare() is called with an incorrect number of arguments

wpdb::prepare() currently gives no information if the number of arguments passed doesn't match the number of placeholders in the query. This change gives an explicit notice that the call was incorrect.

Also fixes an enrelated term meta test that was triggering this new notice.

Props thekt12 for the initial patch.
Fixes #42040.

File:

• trunk/src/wp-includes/wp-db.php (modified) (2 diffs)

trunk/src/wp-includes/wp-db.php

@@ -1252 +1252 @@
         $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
         $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
-        $query = preg_replace( '/%(?:%|$|([^dsF]))/', '%%\\1', $query ); // escape any unescaped percents 
+        $query = preg_replace( '/%(?:%|$|([^dsF]))/', '%%\\1', $query ); // escape any unescaped percents
+
+        // Count the number of valid placeholders in the query
+        $placeholders = preg_match_all( '/(^|[^%]|(%%)+)%[sdF]/', $query );
+
+        if ( count ( $args ) !== $placeholders ) {
+            _doing_it_wrong( 'wpdb::prepare',
+                sprintf( __( 'The query does not contain the correct number of placeholders (%d) for the number of arguments passed (%d).' ),
+                    $placeholders,
+                    count( $args ) ),
+                '4.9.0'
+            );
+        }
+
         array_walk( $args, array( $this, 'escape_by_ref' ) );
         return @vsprintf( $query, $args );
@@ -2047 +2060 @@
 
         $sql = "UPDATE `$table` SET $fields WHERE $conditions";
-
+        
         $this->check_current_query = false;
         return $this->query( $this->prepare( $sql, $values ) );