Changeset 6180 for trunk/wp-includes/general-template.php

Timestamp:

10/02/2007 06:45:47 PM (18 years ago)

Author:

markjaquith

Message:

prepare() for wp-includes/ link-template.php, post.php, general-template.php, pluggable.php, functions.php. see #4553

File:

• trunk/wp-includes/general-template.php (modified) (3 diffs)

trunk/wp-includes/general-template.php

@@ -209 +209 @@
     if ( !empty($author_name) ) {
         // We do a direct query here because we don't cache by nicename.
-        $title = $wpdb->get_var("SELECT display_name FROM $wpdb->users WHERE user_nicename = '$author_name'");
+        $title = $wpdb->get_var($wpdb->prepare("SELECT display_name FROM $wpdb->users WHERE user_nicename = %s", $author_name));
     }
 
@@ -256 +256 @@
     if ( intval($p) || '' != $name ) {
         if ( !$p )
-            $p = $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_name = '$name'");
+            $p = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_name = %s", $name));
         $post = & get_post($p);
         $title = $post->post_title;
@@ -364 +364 @@
 
     if ( '' != $limit ) {
-        $limit = (int) $limit;
+        $limit = abs(intval($limit));
         $limit = ' LIMIT '.$limit;
     }