Changeset 6173
- Timestamp:
- 09/27/2007 07:34:15 AM (17 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 4 edited
trunk/wp-includes/bookmark.php
r6026 r6173 4 4 global $wpdb; 5 5 6 $bookmark_id = (int) $bookmark_id; 7 $link = $wpdb->get_row("SELECT * FROM $wpdb->links WHERE link_id = '$bookmark_id' LIMIT 1"); 6 $link = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->links WHERE link_id = %d LIMIT 1", $bookmark_id)); 8 7 $link->link_category = array_unique( wp_get_object_terms($link_id, 'link_category', 'fields=ids') ); 9 8 -
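Review bot: The line right after the new prepare() call still passes `$link_id` to wp_get_object_terms() while the row was fetched by `$bookmark_id`; unless `$link_id` is assigned above the hunk (the function header is outside it), the category lookup runs on an undefined variable and the prepared query's result is paired with the wrong id. That same line also dereferences `$link` without a guard, so an unknown id produces a warning on `$link->link_category` instead of an early return. I would change the two lines following the query to `if ( ! $link ) return $link;` and `$link->link_category = array_unique( wp_get_object_terms($bookmark_id, 'link_category', 'fields=ids') );`, keeping whatever empty value the function's callers already handle.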
trunk/wp-includes/canonical.php
r6143 r6173 181 181 return false; 182 182 183 $where = "post_name LIKE '" . $wpdb->escape(get_query_var('name')) . "%'";183 $where = $wpdb->prepare("post_name LIKE %s", get_query_var('name') . '%'); 184 184 185 185 // if any of year, monthnum, or day are set, use them to refine the query 186 186 if ( get_query_var('year') ) 187 $where .= " AND YEAR(post_date) = '" . $wpdb->escape(get_query_var('year')) . "'";187 $where .= $wpdb->prepare(" AND YEAR(post_date) = %d", get_query_var('year')); 188 188 if ( get_query_var('monthnum') ) 189 $where .= " AND MONTH(post_date) = '" . $wpdb->escape(get_query_var('monthnum')) . "'";189 $where .= $wpdb->prepare(" AND MONTH(post_date) = %d", get_query_var('monthnum')); 190 190 if ( get_query_var('day') ) 191 $where .= " AND DAYOFMONTH(post_date) = '" . $wpdb->escape(get_query_var('day')) . "'";191 $where .= $wpdb->prepare(" AND DAYOFMONTH(post_date) = %d", get_query_var('day')); 192 192 193 193 $post_id = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE $where AND post_status = 'publish'"); -
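Review bot: The `%s` placeholder on the post_name LIKE line escapes quotes but not LIKE metacharacters, so a `name` query var containing `%` or `_` still widens the match beyond the intended prefix; the wildcard is appended after the value, but the user-supplied part should be escaped first, e.g. `$where = $wpdb->prepare("post_name LIKE %s", addcslashes(get_query_var('name'), '%_') . '%');`. The same applies to the link_url LIKE in the comment.php check_comment hunk, where `$domain` is wrapped in `'%'.$domain.'%'` without escaping. The year/monthnum/day conversions to `%d` are sound, since the old quoted-string comparison becomes an integer one. The enclosing function starts and ends outside the hunk.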
trunk/wp-includes/comment-template.php
r6026 r6173 289 289 // TODO: Use API instead of SELECTs. 290 290 if ( $user_ID) { 291 $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND (comment_approved = '1' OR ( user_id = '$user_ID' AND comment_approved = '0' ) ) ORDER BY comment_date");291 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND (comment_approved = '1' OR ( user_id = %d AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $user_ID)); 292 292 } else if ( empty($comment_author) ) { 293 $comments = $wpdb->get_results( "SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");293 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post->ID)); 294 294 } else { 295 $author_db = $wpdb->escape($comment_author); 296 $email_db = $wpdb->escape($comment_author_email); 297 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); 295 $comments = $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND ( comment_approved = '1' OR ( comment_author = %s AND comment_author_email = %s AND comment_approved = '0' ) ) ORDER BY comment_date", $post->ID, $comment_author, $comment_author_email)); 298 296 } 299 297 -
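Review bot: Converting the else branch to prepare() moves the escaping of `$comment_author` and `$comment_author_email` from the explicit `$wpdb->escape` calls into the `%s` placeholders, which is only equivalent if those globals arrive unslashed. The same commit annotates the comparable query in comment.php check_comment with `// expected_slashed ($author, $email)` and leaves it unconverted, which suggests commenter values in this codebase may already carry slashes; if that holds here, the prepared `%s` double-escapes and the lookup for the current commenter's unapproved comments silently returns nothing. Worth confirming how `$comment_author` is populated (outside the hunk) or normalising with `stripslashes()` before the call. Separately, the three branches repeat the same SELECT head and ORDER BY; building only the condition string per branch and issuing one query would make the intent easier to read.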
trunk/wp-includes/comment.php
r5975 r6173 42 42 $uri = parse_url( get_option('home') ); 43 43 $home_domain = $uri['host']; 44 if ( $wpdb->get_var( "SELECT link_id FROM $wpdb->links WHERE link_url LIKE ('%$domain%') LIMIT 1") || $domain == $home_domain )44 if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) 45 45 return true; 46 46 else 47 47 return false; 48 48 } elseif ( $author != '' && $email != '' ) { 49 // expected_slashed ($author, $email) 49 50 $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); 50 51 if ( ( 1 == $ok_to_comment ) && … … 63 64 function get_approved_comments($post_id) { 64 65 global $wpdb; 65 66 $post_id = (int) $post_id; 67 return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date"); 66 return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id)); 68 67 } 69 68 … … 83 82 $_comment = $comment; 84 83 } else { 85 $comment = (int) $comment;86 84 if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) { 87 85 $_comment = & $GLOBALS['comment']; 88 86 } elseif ( ! 
$_comment = wp_cache_get($comment, 'comment') ) { 89 $_comment = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");87 $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment)); 90 88 wp_cache_add($_comment->comment_ID, $_comment, 'comment'); 91 89 } … … 110 108 global $postc, $id, $commentdata, $wpdb; 111 109 if ( $no_cache ) { 112 $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";110 $query = $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID); 113 111 if ( false == $include_unapproved ) 114 112 $query .= " AND comment_approved = '1'"; … … 139 137 switch ( strtolower($timezone)) { 140 138 case 'gmt': 141 $lastcommentmodified = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");139 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now)); 142 140 break; 143 141 case 'blog': 144 $lastcommentmodified = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");142 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now)); 145 143 break; 146 144 case 'server': 147 $lastcommentmodified = $wpdb->get_var( "SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");145 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE 
comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server, $now)); 148 146 break; 149 147 } … … 184 182 185 183 // Simple duplicate check 184 // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 186 185 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; 187 186 if ( $comment_author_email ) … … 196 195 $userdata = get_userdata($user_id); 197 196 $user = new WP_User($user_id); 198 $post_author = $wpdb->get_var( "SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");197 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); 199 198 } 200 199
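Review bot: Dropping `$comment = (int) $comment;` in the get_comment hunk leaves the `wp_cache_get($comment, 'comment')` lookup and the `$GLOBALS['comment']->comment_ID == $comment` comparison running on the raw value, while only the SQL fallback is normalised by `%d`; a caller passing a non-canonical string id now misses the cache, re-queries, and stores the row under the numeric `comment_ID`, and the loose `==` no longer compares like with like. prepare() sanitises the query, not the cache key, so I would keep the cast ahead of the cache check: `$comment = (int) $comment;`. In the get_lastcommentmodified hunk, `$add_seconds_server` is bound with `%s`, which yields a quoted interval just as the old code did; `%d` states the numeric intent and avoids relying on MySQL's string-to-number coercion. Leaving the `$ok_to_comment` and `$dupe` queries unconverted is clearly deliberate given the added `expected_slashed` annotations.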