Changeset 6240
- Timestamp:
- 10/13/2007 02:36:38 AM (17 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
trunk/wp-includes/post.php
r6238 r6240 260 260 // 261 261 262 function add_post_meta($post_id, $key, $value, $unique = false) { 263 global $wpdb; 264 265 if ( $unique ) { 266 // expected_slashed ($key) 267 if ( $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) { 268 return false; 269 } 270 } 262 function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) { 263 global $wpdb; 264 265 // expected_slashed ($meta_key) 266 $meta_key = stripslashes($meta_key); 267 268 if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) 269 return false; 271 270 272 271 $cache = wp_cache_get($post_id, 'post_meta'); 273 272 if ( ! is_array($cache) ) 274 273 $cache = array(); 275 $cache[$key][] = $value; 274 // expected_slashed ($meta_key) 275 $cache[$wpdb->escape($meta_key)][] = $meta_value; 276 276 277 277 wp_cache_set($post_id, $cache, 'post_meta'); 278 278 279 $value = maybe_serialize($value); 280 281 // expected_slashed ($key) 282 $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,'$key',%s)", $post_id, $value)); 283 279 $meta_value = maybe_serialize($meta_value); 280 281 $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) ); 284 282 return true; 285 283 } … … 288 286 global $wpdb; 289 287 290 if ( empty($value) ) { 291 // expected_slashed ($key) 292 $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 293 } else { 294 // expected_slashed ($key, $value) 295 $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 296 } 288 $post_id = absint( $post_id ); 289 290 // expected_slashed ($key, $value) 291 $key = stripslashes( $key ); 292 $value = stripslashes( $value ); 293 294 if ( 
empty( $value ) ) 295 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); 296 else 297 $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) ); 297 298 298 299 if ( !$meta_id ) 299 300 return false; 300 301 301 if ( empty($value) ) { 302 // expected_slashed ($key) 303 $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id)); 304 } else { 305 // expected_slashed ($key, $value) 306 $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id)); 307 } 302 if ( empty( $value ) ) 303 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) ); 304 else 305 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) ); 308 306 309 307 wp_cache_delete($post_id, 'post_meta'); … … 342 340 } 343 341 344 function update_post_meta($post_id, $ key, $value, $prev_value = '') {345 global $wpdb; 346 347 $original_value = $ value;348 $ value = maybe_serialize($value);342 function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') { 343 global $wpdb; 344 345 $original_value = $meta_value; 346 $meta_value = maybe_serialize($meta_value); 349 347 350 348 $original_prev = $prev_value; 351 349 $prev_value = maybe_serialize($prev_value); 352 350 353 // expected_slashed ($ key)354 if (! 
$wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) {355 return false; 356 }357 358 if ( empty($prev_value) ) { 359 // expected_slashed ($key)360 $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d", $value, $post_id));361 } else { 362 // expected_slashed ($key)363 $w pdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d AND meta_value = %s", $value, $post_id, $prev_value));364 } 365 351 // expected_slashed ($meta_key) 352 $meta_key = stripslashes($meta_key); 353 354 if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) ) 355 return false; 356 357 $data = compact( 'meta_value' ); 358 $where = compact( 'meta_key', 'post_id' ); 359 360 if ( !empty( $prev_value ) ) 361 $where['meta_value'] = $prev_value; 362 363 $wpdb->update( $wpdb->postmeta, $data, $where ); 366 364 wp_cache_delete($post_id, 'post_meta'); 367 368 365 return true; 369 366 } … … 501 498 wp_delete_object_term_relationships($postid, array('category', 'post_tag')); 502 499 500 $parent_data = array( 'post_parent' => $post->post_parent ); 501 $parent_where = array( 'post_parent' => $postid ); 502 503 503 if ( 'page' == $post->post_type ) 504 $wpdb-> query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = %d AND post_type = 'page'", $postid ));505 506 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE post_parent = %d AND post_type = 'attachment'", $post->post_parent, $postid ));504 $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'page' ) ); 505 506 $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) ); 507 507 508 508 $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", 
$postid )); … … 703 703 $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order' ) ); 704 704 $data = stripslashes_deep( $data ); 705 $where = array( 'ID' => $post_ID ); 705 706 706 707 if ($update) { 707 $wpdb->update( $wpdb->posts, $data, 'ID', $post_ID);708 $wpdb->update( $wpdb->posts, $data, $where ); 708 709 } else { 709 710 $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update … … 714 715 if ( empty($post_name) && 'draft' != $post_status ) { 715 716 $post_name = sanitize_title($post_title, $post_ID); 716 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $post_name, $post_ID ));717 $wpdb->update( $wpdb->posts, compact( 'post_name' ), $where ); 717 718 } 718 719 … … 728 729 // Set GUID 729 730 if ( ! 
$update ) 730 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post_ID), $post_ID ));731 $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post_ID ) ), $where ); 731 732 732 733 $post = get_post($post_ID); … … 796 797 return; 797 798 798 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = %d", $post_id ));799 $wpdb->update( $wpdb->posts, array( 'post_status' => 'publish' ), array( 'ID' => $post_id ) ); 799 800 800 801 $old_status = $post->post_status; … … 863 864 $new = apply_filters('add_ping', $new); 864 865 // expected_slashed ($new) 865 return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = %d", $post_id )); 866 $new = stripslashes($new); 867 return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) ); 866 868 } 867 869 … … 1294 1296 $data = stripslashes_deep( $data ); 1295 1297 1296 if ( $update) {1297 $wpdb->update( $wpdb->posts, $data, 'ID', $post_ID);1298 if ( $update ) { 1299 $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) ); 1298 1300 } else { 1299 $wpdb->insert( $wpdb->posts, $data);1301 $wpdb->insert( $wpdb->posts, $data ); 1300 1302 $post_ID = (int) $wpdb->insert_id; 1301 1303 } … … 1303 1305 if ( empty($post_name) ) { 1304 1306 $post_name = sanitize_title($post_title, $post_ID); 1305 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '%s' WHERE ID = %d", $post_name, $post_ID));1307 $wpdb->update( $wpdb->posts, compact( $post_name ), array( 'ID' => $post_ID ) ); 1306 1308 } 1307 1309 … … 1713 1715 if ( $old_status != 'publish' && $new_status == 'publish' ) { 1714 1716 // Reset GUID if transitioning to publish. 
1715 $wpdb-> query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post->ID), $post->ID ));1717 $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post->ID ) ), array( 'ID' => $post->ID ) ); 1716 1718 do_action('private_to_published', $post->ID); // Deprecated, use private_to_publish 1717 1719 } … … 1740 1742 $post = get_post($post_id); 1741 1743 1744 $data = array( 'post_id' => $post_id, 'meta_value' => '1' ); 1742 1745 if ( get_option('default_pingback_flag') ) 1743 $result = $wpdb->query( $wpdb->prepare( " 1744 INSERT INTO $wpdb->postmeta 1745 (post_id,meta_key,meta_value) 1746 VALUES (%s,'_pingme','1') 1747 ", $post_id )); 1748 $result = $wpdb->query( $wpdb->prepare( " 1749 INSERT INTO $wpdb->postmeta 1750 (post_id,meta_key,meta_value) 1751 VALUES (%s,'_encloseme','1') 1752 ", $post_id )); 1746 $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_pingme' ) ); 1747 $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_encloseme' ) ); 1753 1748 wp_schedule_single_event(time(), 'do_pings'); 1754 1749 } -
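Review bot: In the attachment hunk near new line 1307, `compact( $post_name )` passes the slug's value where compact() expects a variable name, so the array handed to `$wpdb->update()` is most likely empty and the generated `post_name` is never written. The matching call near new line 717 already uses the string form; this one should read `$wpdb->update( $wpdb->posts, compact( 'post_name' ), array( 'ID' => $post_ID ) );`. As written, the column set is also selected by a title-derived string rather than a fixed name, which is worth avoiding given that update() does not sanitize column names. The enclosing function starts and ends outside the hunk.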
trunk/wp-includes/wp-db.php
r6239 r6240 267 267 * @param string $table WARNING: not sanitized! 268 268 * @param array $data should not already be SQL-escaped 269 * @param mixed $where_col_or_array if a string, it represents the column of the WHERE statement. If an array (named), it can represent multiple col = 'value' pairs that will be joined with ANDs WARNING: the column names are not sanitized! 270 * @param string $where_val the value of the WHERE statement. Should not already be SQL-escaped. 269 * @param array $where a named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized! 271 270 * @return mixed results of $this->query() 272 271 */ 273 function update($table, $data, $where _col_or_array, $where_val=NULL){272 function update($table, $data, $where){ 274 273 $data = add_magic_quotes($data); 275 274 $bits = $wheres = array(); … … 277 276 $bits[] = "`$k` = '$data[$k]'"; 278 277 279 if ( is_string( $where_col_or_array ) ) 280 $wheres = array( "$where_col_or_array = '" . $this->escape($where_val) . "'" ); 281 elseif ( is_array( $where_col_or_array ) ) 282 foreach ( $where_col_or_array as $c => $v ) 278 if ( is_array( $where ) ) 279 foreach ( $where as $c => $v ) 283 280 $wheres[] = "$c = '" . $this->escape( $v ) . "'"; 284 281 else
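Review bot: The WHERE loop in update() still builds `$c = '...'` from the raw array key, so only the value is escaped and any key that reaches `$where` from anything other than hard-coded names would land in the SQL unescaped; the docblock warns about this but nothing enforces it. A cheap guard before the append would be `if ( preg_match( '/[^A-Za-z0-9_]/', $c ) ) return false;`, and the same applies to the `$k` keys of `$data` in the SET loop. Dropping `$where_val` also changes what a legacy call such as `update( $table, $data, 'ID', $id )` does: it now falls into the `else` branch, whose body lies outside this hunk, so that path should be checked to fail closed rather than run an UPDATE without a WHERE clause.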