Changeset 6221
- Timestamp:
- 10/10/2007 10:01:40 PM (17 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
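--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -1369,44 +1369,20 @@
 $pinged = '';
 
+// expected_slashed (everything!)
+$data = array();
+foreach ( array('post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'post_mime_type', 'guid') as $f )
+$data[$f] = stripslashes($$f);
+unset($f);
+
 if ($update) {
-// expected_slashed (everything!)
-$wpdb->query(
-"UPDATE $wpdb->posts SET
-post_author = '$post_author',
-post_date = '$post_date',
-post_date_gmt = '$post_date_gmt',
-post_content = '$post_content',
-post_content_filtered = '$post_content_filtered',
-post_title = '$post_title',
-post_excerpt = '$post_excerpt',
-post_status = '$post_status',
-post_type = '$post_type',
-comment_status = '$comment_status',
-ping_status = '$ping_status',
-post_password = '$post_password',
-post_name = '$post_name',
-to_ping = '$to_ping',
-pinged = '$pinged',
-post_modified = '".current_time('mysql')."',
-post_modified_gmt = '".current_time('mysql',1)."',
-post_parent = '$post_parent',
-menu_order = '$menu_order',
-post_mime_type = '$post_mime_type',
-guid = '$guid'
-WHERE ID = $post_ID");
-} else {
-// expected_slashed (everything!)
-$wpdb->query(
-"INSERT INTO $wpdb->posts
-(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
-VALUES
-('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
-$post_ID = (int) $wpdb->insert_id;
+$wpdb->db_update($wpdb->posts, $data, 'ID', $post_ID);
+} else {
+$wpdb->db_insert($wpdb->posts, $data);
+$post_ID = (int) $wpdb->insert_id;
 }
 
 if ( empty($post_name) ) {
 $post_name = sanitize_title($post_title, $post_ID);
-// expected_slashed ($post_name)
-$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '$post_name' WHERE ID = %d", $post_ID));
+$wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '%s' WHERE ID = %d", $post_name, $post_ID));
 }
 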
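Review bot: The new `$data` loop reads `post_modified` and `post_modified_gmt` from local variables through `$$f`, whereas the removed UPDATE wrote `current_time('mysql')` and `current_time('mysql',1)` and the removed INSERT reused `$post_date` and `$post_date_gmt`. Nothing in this hunk assigns those two locals, and the enclosing function starts and ends outside the hunk, so unless they are set earlier the row would be written with empty or stale modification times. Assigning them just before the loop would keep the old behaviour, for example `$post_modified = $update ? current_time('mysql') : $post_date;` and `$post_modified_gmt = $update ? current_time('mysql',1) : $post_date_gmt;`. The blanket `stripslashes($$f)` is also only correct while every listed variable is still slashed at this point, so I would extend the comment to `// expected_slashed (everything!) - each value is unslashed here and re-escaped in db_insert()/db_update()`.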
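--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -252,4 +252,33 @@
 
 /**
+* Insert an array of data into a table
+* @param string $table WARNING: not sanitized!
+* @param array $data should not already be SQL-escaped
+* @return mixed results of $this->query()
+*/
+function db_insert($table, $data) {
+$data = add_magic_quotes($data);
+$fields = array_keys($data);
+return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
+}
+
+/**
+* Update a row in the table with an array of data
+* @param string $table WARNING: not sanitized!
+* @param array $data should not already be SQL-escaped
+* @param string $where_col the column of the WHERE statement. WARNING: not sanitized!
+* @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped.
+* @return mixed results of $this->query()
+*/
+function db_update($table, $data, $where_col, $where_val){
+$data = add_magic_quotes($data);
+$bits = array();
+foreach ( array_keys($data) as $k )
+$bits[] = "`$k`='$data[$k]'";
+$where_val = $wpdb->escape($where_val);
+return $this->query("UPDATE $table SET ".implode(', ',$bits)." WHERE $where_col = '$where_val' LIMIT 1");
+}
+
+/**
 * Get one variable from the database
 * @param string $query (can be null as well, for caching, see codex)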
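Review bot: In `db_update`, the line `$where_val = $wpdb->escape($where_val);` calls a method on `$wpdb`, which is not defined inside this method (no `global $wpdb` is visible in the hunk), so the call fails before the query is built and the WHERE value is never escaped. It should read `$where_val = $this->escape($where_val);`. Separately, both `db_insert` and `db_update` place the keys of `$data` between backticks with no check, while the docblocks warn only about `$table` and `$where_col`. Either extend the `@param array $data` lines with `array keys are used as column names and are NOT sanitized`, or reject any key that contains a backtick before building the statement.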