

Timestamp:
09/27/2007 07:34:15 AM (17 years ago)
Author:
markjaquith
Message:

prepare() for wp-includes/ bookmark.php, canonical.php, comment.php, comment-template.php. see #4553

File:
1 edited

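--- a/trunk/wp-includes/comment.php
+++ b/trunk/wp-includes/comment.php
@@ -42,9 +42,10 @@
             $uri = parse_url( get_option('home') );
             $home_domain = $uri['host'];
-            if ( $wpdb->get_var("SELECT link_id FROM $wpdb->links WHERE link_url LIKE ('%$domain%') LIMIT 1") || $domain == $home_domain )
+            if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain )
                 return true;
             else
                 return false;
         } elseif ( $author != '' && $email != '' ) {
+            // expected_slashed ($author, $email)
             $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1");
             if ( ( 1 == $ok_to_comment ) &&
@@ -63,7 +64,5 @@
 function get_approved_comments($post_id) {
     global $wpdb;
-
-    $post_id = (int) $post_id;
-    return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date");
+    return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id));
 }
 
@@ -83,9 +82,8 @@
         $_comment = $comment;
     } else {
-        $comment = (int) $comment;
         if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) {
             $_comment = & $GLOBALS['comment'];
         } elseif ( ! $_comment = wp_cache_get($comment, 'comment') ) {
-            $_comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");
+            $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment));
             wp_cache_add($_comment->comment_ID, $_comment, 'comment');
         }
@@ -110,5 +108,5 @@
     global $postc, $id, $commentdata, $wpdb;
     if ( $no_cache ) {
-        $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";
+        $query = $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID);
         if ( false == $include_unapproved )
             $query .= " AND comment_approved = '1'";
@@ -139,11 +137,11 @@
         switch ( strtolower($timezone)) {
             case 'gmt':
-                $lastcommentmodified = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
+                $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now));
                 break;
             case 'blog':
-                $lastcommentmodified = $wpdb->get_var("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
+                $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now));
                 break;
             case 'server':
-                $lastcommentmodified = $wpdb->get_var("SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");
+                $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server, $now));
                 break;
         }
@@ -184,4 +182,5 @@
 
     // Simple duplicate check
+    // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content)
     $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' ";
     if ( $comment_author_email )
@@ -196,5 +195,5 @@
         $userdata = get_userdata($user_id);
         $user = new WP_User($user_id);
-        $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
+        $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID));
     }
 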
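Review bot: The new prepare() call in the first hunk (the `'%'.$domain.'%'` argument on the `LIKE (%s)` line) escapes quotes but not LIKE metacharacters, so a `%` or `_` inside `$domain` is still interpreted as a wildcard and the links lookup can match rows it should not, loosening the check; escape the value before adding the wildcards, `'%' . addcslashes($domain, '_%\\') . '%'`. The `// expected_slashed` comments added before the `$ok_to_comment` and `$dupe` queries record that those interpolations still depend on the caller having slashed the values rather than on prepare(); that is presumably deliberate because prepare() would escape a second time, but it is worth stating in the comment that the values must never reach these lines unslashed. In the fifth hunk, `INTERVAL %s SECOND` quotes `$add_seconds_server`; MySQL accepts the quoted form as the old line already relied on, but `%d` would make the integer-seconds intent explicit if the value is always integral. The enclosing functions of every hunk start and end outside the hunk.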