Changeset 6221


Timestamp:
10/10/07 22:01:40 (7 years ago)
Author:
markjaquith
Message:

Introducing db_insert() and db_update(), with immediate usage in wp_insert_post(). fixes #5178

Location:
trunk/wp-includes
Files:
2 edited

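--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -1369,44 +1369,20 @@
         $pinged = '';
 
+    // expected_slashed (everything!)
+    $data = array();
+    foreach ( array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid') as $f )
+        $data[$f] = stripslashes($$f);
+    unset($f);
+
     if ($update) {
-        // expected_slashed (everything!)
-        $wpdb->query(
-            "UPDATE $wpdb->posts SET
-            post_author = '$post_author',
-            post_date = '$post_date',
-            post_date_gmt = '$post_date_gmt',
-            post_content = '$post_content',
-            post_content_filtered = '$post_content_filtered',
-            post_title = '$post_title',
-            post_excerpt = '$post_excerpt',
-            post_status = '$post_status',
-            post_type = '$post_type',
-            comment_status = '$comment_status',
-            ping_status = '$ping_status',
-            post_password = '$post_password',
-            post_name = '$post_name',
-            to_ping = '$to_ping',
-            pinged = '$pinged',
-            post_modified = '".current_time('mysql')."',
-            post_modified_gmt = '".current_time('mysql',1)."',
-            post_parent = '$post_parent',
-            menu_order = '$menu_order',
-            post_mime_type = '$post_mime_type',
-            guid = '$guid'
-            WHERE ID = $post_ID");
-    } else {
-        // expected_slashed (everything!)
-        $wpdb->query(
-            "INSERT INTO $wpdb->posts
-            (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt,  post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
-            VALUES
-            ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
-            $post_ID = (int) $wpdb->insert_id;
+        $wpdb->db_update($wpdb->posts, $data, 'ID', $post_ID);
+    } else {
+        $wpdb->db_insert($wpdb->posts, $data);
+        $post_ID = (int) $wpdb->insert_id;
     }
 
     if ( empty($post_name) ) {
         $post_name = sanitize_title($post_title, $post_ID);
-        // expected_slashed ($post_name)
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID));
+        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '%s' WHERE ID = %d", $post_name, $post_ID));
     }
 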
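Review bot: `post_modified` and `post_modified_gmt` are no longer forced to the current time on update, because the field list at new line 1373 reads them from local variables of the same name, where the removed UPDATE wrote `current_time('mysql')` / `current_time('mysql',1)` and the removed INSERT reused `$post_date` / `$post_date_gmt`. Nothing in this hunk assigns those two variables, so unless they are set above it (the function starts and ends outside the hunk), an update would stop bumping the modified time and an insert could store an empty value. Assigning them before the loop would keep the old behaviour, for example `$post_modified = $update ? current_time('mysql') : $post_date;` and `$post_modified_gmt = $update ? current_time('mysql', 1) : $post_date_gmt;`. The `stripslashes($$f)` step also depends on every one of the 21 variables arriving slashed; a comment stating that contract would help, since a value assigned inside the function without slashes would lose its backslashes before it is re-escaped.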
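--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -252,4 +252,33 @@
 
     /**
+     * Insert an array of data into a table
+     * @param string $table WARNING: not sanitized!
+     * @param array $data should not already be SQL-escaped
+     * @return mixed results of $this->query()
+     */
+    function db_insert($table, $data) {
+        $data = add_magic_quotes($data);
+        $fields = array_keys($data);
+        return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
+    }
+
+    /**
+     * Update a row in the table with an array of data
+     * @param string $table WARNING: not sanitized!
+     * @param array $data should not already be SQL-escaped
+     * @param string $where_col the column of the WHERE statement.  WARNING: not sanitized!
+     * @param string $where_val the value of the WHERE statement.  Should not already be SQL-escaped.
+     * @return mixed results of $this->query()
+     */
+    function db_update($table, $data, $where_col, $where_val){
+        $data = add_magic_quotes($data);
+        $bits = array();
+        foreach ( array_keys($data) as $k )
+            $bits[] = "`$k`='$data[$k]'";
+        $where_val = $wpdb->escape($where_val);
+        return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
+    }
+
+    /**
      * Get one variable from the database
      * @param string $query (can be null as well, for caching, see codex)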
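Review bot: `db_update()` calls `$wpdb->escape($where_val)` at new line 278, but `$wpdb` is not defined inside the method (no `global $wpdb;` is visible, and `db_insert()` beside it uses `$this`), so the call fails on an undefined variable before the query is built; it should read `$where_val = $this->escape($where_val);`. Both methods also place the keys of `$data` between backticks with no check, so a caller that builds `$data` from request input would let that input choose column names. The docblocks should carry the same warning they already give for `$table` and `$where_col`, e.g. `@param array $data values should not already be SQL-escaped; keys are used as column names. WARNING: keys are not sanitized!`. An empty `$data` yields a malformed statement in either method, so an early return for that case would avoid sending it.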