Changeset 6180 for trunk/wp-includes/pluggable.php

Timestamp:

10/02/2007 06:45:47 PM (18 years ago)

Author:

markjaquith

Message:

prepare() for wp-includes/ link-template.php, post.php, general-template.php, pluggable.php, functions.php. see #4553

File:

• trunk/wp-includes/pluggable.php (modified) (4 diffs)

trunk/wp-includes/pluggable.php

@@ -61 +61 @@
 function get_userdata( $user_id ) {
     global $wpdb;
-    $user_id = (int) $user_id;
+    $user_id = abs(intval($user_id));
     if ( $user_id == 0 )
         return false;
@@ -70 +70 @@
         return $user;
 
-    if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE ID = '$user_id' LIMIT 1") )
+    if ( !$user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE ID = %d LIMIT 1", $user_id)) )
         return false;
 
     $wpdb->hide_errors();
-    $metavalues = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+    $metavalues = $wpdb->get_results($wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id));
     $wpdb->show_errors();
 
@@ -122 +122 @@
         return $userdata;
 
-    $user_login = $wpdb->escape($user_login);
-
-    if ( !$user_ID = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$user_login'") )
+    if ( !$user_ID = $wpdb->get_var($wpdb->prepare("SELECT ID FROM $wpdb->users WHERE user_login = %s", $user_login)) )
         return false;
 
@@ -580 +578 @@
         return true;
 
-    $comment = $wpdb->get_row("SELECT * FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1");
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID='$comment->comment_post_ID' LIMIT 1");
+    $comment = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_ID=%d LIMIT 1", $comment_id));
+    $post = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID=%d LIMIT 1", $comment->comment_post_ID));
 
     $comment_author_domain = @gethostbyaddr($comment->comment_author_IP);