Changeset 6173 for trunk/wp-includes/comment.php
- Timestamp:
- 09/27/2007 07:34:15 AM (17 years ago)
- File:
-
- 1 edited
trunk/wp-includes/comment.php
r5975 r6173 42 42 $uri = parse_url( get_option('home') ); 43 43 $home_domain = $uri['host']; 44 if ( $wpdb->get_var( "SELECT link_id FROM $wpdb->links WHERE link_url LIKE ('%$domain%') LIMIT 1") || $domain == $home_domain )44 if ( $wpdb->get_var($wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_url LIKE (%s) LIMIT 1", '%'.$domain.'%')) || $domain == $home_domain ) 45 45 return true; 46 46 else 47 47 return false; 48 48 } elseif ( $author != '' && $email != '' ) { 49 // expected_slashed ($author, $email) 49 50 $ok_to_comment = $wpdb->get_var("SELECT comment_approved FROM $wpdb->comments WHERE comment_author = '$author' AND comment_author_email = '$email' and comment_approved = '1' LIMIT 1"); 50 51 if ( ( 1 == $ok_to_comment ) && … … 63 64 function get_approved_comments($post_id) { 64 65 global $wpdb; 65 66 $post_id = (int) $post_id; 67 return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date"); 66 return $wpdb->get_results($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1' ORDER BY comment_date", $post_id)); 68 67 } 69 68 … … 83 82 $_comment = $comment; 84 83 } else { 85 $comment = (int) $comment;86 84 if ( isset($GLOBALS['comment']) && ($GLOBALS['comment']->comment_ID == $comment) ) { 87 85 $_comment = & $GLOBALS['comment']; 88 86 } elseif ( ! 
$_comment = wp_cache_get($comment, 'comment') ) { 89 $_comment = $wpdb->get_row( "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment' LIMIT 1");87 $_comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment)); 90 88 wp_cache_add($_comment->comment_ID, $_comment, 'comment'); 91 89 } … … 110 108 global $postc, $id, $commentdata, $wpdb; 111 109 if ( $no_cache ) { 112 $query = "SELECT * FROM $wpdb->comments WHERE comment_ID = '$comment_ID'";110 $query = $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID = %d", $comment_ID); 113 111 if ( false == $include_unapproved ) 114 112 $query .= " AND comment_approved = '1'"; … … 139 137 switch ( strtolower($timezone)) { 140 138 case 'gmt': 141 $lastcommentmodified = $wpdb->get_var( "SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");139 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now)); 142 140 break; 143 141 case 'blog': 144 $lastcommentmodified = $wpdb->get_var( "SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");142 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT comment_date FROM $wpdb->comments WHERE comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $now)); 145 143 break; 146 144 case 'server': 147 $lastcommentmodified = $wpdb->get_var( "SELECT DATE_ADD(comment_date_gmt, INTERVAL '$add_seconds_server' SECOND) FROM $wpdb->comments WHERE comment_date_gmt <= '$now' AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1");145 $lastcommentmodified = $wpdb->get_var($wpdb->prepare("SELECT DATE_ADD(comment_date_gmt, INTERVAL %s SECOND) FROM $wpdb->comments WHERE 
comment_date_gmt <= %s AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 1", $add_seconds_server, $now)); 148 146 break; 149 147 } … … 184 182 185 183 // Simple duplicate check 184 // expected_slashed ($comment_post_ID, $comment_author, $comment_author_email, $comment_content) 186 185 $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$comment_author' "; 187 186 if ( $comment_author_email ) … … 196 195 $userdata = get_userdata($user_id); 197 196 $user = new WP_User($user_id); 198 $post_author = $wpdb->get_var( "SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");197 $post_author = $wpdb->get_var($wpdb->prepare("SELECT post_author FROM $wpdb->posts WHERE ID = %d LIMIT 1", $comment_post_ID)); 199 198 } 200 199
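Review bot: In the first hunk (new line 44) `prepare()` quotes the `%s` value but does not escape the LIKE metacharacters `%` and `_`, so a `$domain` containing either still acts as a pattern, and the blogroll lookup that makes this branch `return true` can match a host that is not literally present in `link_url`. Escaping the value before the outer wildcards are added closes that, e.g. `'%' . addcslashes($domain, '_%\\') . '%'`. Where `$domain` is derived lies outside the hunk, so confirm it comes from the commenter-supplied URL before treating this as reachable. Separately, the `$ok_to_comment` query (new line 50) and the `$dupe` query (new line 185) are still built by string interpolation and depend entirely on callers honouring the added `// expected_slashed` comments.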