
Changeset 6240


Timestamp:
10/13/2007 02:36:38 AM (17 years ago)
Author:
markjaquith
Message:

Forget about 4th update() param -- only accept named array. Roll out more insert()/update() and various cleanups.

Location:
trunk/wp-includes
Files:
2 edited

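--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -260,26 +260,24 @@
 //
 
-function add_post_meta($post_id, $key, $value, $unique = false) {
-    global $wpdb;
-
-    if ( $unique ) {
-        // expected_slashed ($key)
-        if ( $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) {
-            return false;
-        }
-    }
+function add_post_meta($post_id, $meta_key, $meta_value, $unique = false) {
+    global $wpdb;
+
+    // expected_slashed ($meta_key)
+    $meta_key = stripslashes($meta_key);
+
+    if ( $unique && $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
+        return false;
 
     $cache = wp_cache_get($post_id, 'post_meta');
     if ( ! is_array($cache) )
         $cache = array();
-    $cache[$key][] = $value;
+    // expected_slashed ($meta_key)
+    $cache[$wpdb->escape($meta_key)][] = $meta_value;
 
     wp_cache_set($post_id, $cache, 'post_meta');
 
-    $value = maybe_serialize($value);
-
-    // expected_slashed ($key)
-    $wpdb->query($wpdb->prepare("INSERT INTO $wpdb->postmeta (post_id,meta_key,meta_value) VALUES (%d,'$key',%s)", $post_id, $value));
-
+    $meta_value = maybe_serialize($meta_value);
+
+    $wpdb->insert( $wpdb->postmeta, compact( 'post_id', 'meta_key', 'meta_value' ) );
     return true;
 }
@@ -288,22 +286,22 @@
     global $wpdb;
 
-    if ( empty($value) ) {
-        // expected_slashed ($key)
-        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id));
-    } else {
-        // expected_slashed ($key, $value)
-        $meta_id = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id));
-    }
+    $post_id = absint( $post_id );
+
+    // expected_slashed ($key, $value)
+    $key = stripslashes( $key );
+    $value = stripslashes( $value );
+
+    if ( empty( $value ) )
+        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
+    else
+        $meta_id = $wpdb->get_var( $wpdb->prepare( "SELECT meta_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
 
     if ( !$meta_id )
         return false;
 
-    if ( empty($value) ) {
-        // expected_slashed ($key)
-        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key'", $post_id));
-    } else {
-        // expected_slashed ($key, $value)
-        $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = '$key' AND meta_value = '$value'", $post_id));
-    }
+    if ( empty( $value ) )
+        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s", $post_id, $key ) );
+    else
+        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s AND meta_value = %s", $post_id, $key, $value ) );
 
     wp_cache_delete($post_id, 'post_meta');
@@ -342,28 +340,27 @@
 }
 
-function update_post_meta($post_id, $key, $value, $prev_value = '') {
-    global $wpdb;
-
-    $original_value = $value;
-    $value = maybe_serialize($value);
+function update_post_meta($post_id, $meta_key, $meta_value, $prev_value = '') {
+    global $wpdb;
+
+    $original_value = $meta_value;
+    $meta_value = maybe_serialize($meta_value);
 
     $original_prev = $prev_value;
     $prev_value = maybe_serialize($prev_value);
 
-    // expected_slashed ($key)
-    if (! $wpdb->get_var($wpdb->prepare("SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = '$key' AND post_id = %d", $post_id)) ) {
-        return false;
-    }
-
-    if ( empty($prev_value) ) {
-        // expected_slashed ($key)
-        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d", $value, $post_id));
-    } else {
-        // expected_slashed ($key)
-        $wpdb->query($wpdb->prepare("UPDATE $wpdb->postmeta SET meta_value = %s WHERE meta_key = '$key' AND post_id = %d AND meta_value = %s", $value, $post_id, $prev_value));
-    }
-
+    // expected_slashed ($meta_key)
+    $meta_key = stripslashes($meta_key);
+
+    if ( ! $wpdb->get_var( $wpdb->prepare( "SELECT meta_key FROM $wpdb->postmeta WHERE meta_key = %s AND post_id = %d", $meta_key, $post_id ) ) )
+        return false;
+
+    $data  = compact( 'meta_value' );
+    $where = compact( 'meta_key', 'post_id' );
+
+    if ( !empty( $prev_value ) )
+        $where['meta_value'] = $prev_value;
+
+    $wpdb->update( $wpdb->postmeta, $data, $where );
     wp_cache_delete($post_id, 'post_meta');
-
     return true;
 }
@@ -501,8 +498,11 @@
     wp_delete_object_term_relationships($postid, array('category', 'post_tag'));
 
+    $parent_data = array( 'post_parent' => $post->post_parent );
+    $parent_where = array( 'post_parent' => $postid );
+
     if ( 'page' == $post->post_type )
-        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = %d AND post_type = 'page'", $postid ));
-
-    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_parent = %s WHERE post_parent = %d AND post_type = 'attachment'", $post->post_parent, $postid ));
+        $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'page' ) );
+
+    $wpdb->update( $wpdb->posts, $parent_data, $parent_where + array( 'post_type' => 'attachment' ) );
 
     $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->posts WHERE ID = %d", $postid ));
@@ -703,7 +703,8 @@
     $data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order' ) );
     $data = stripslashes_deep( $data );
+    $where = array( 'ID' => $post_ID );
 
     if ($update) {
-        $wpdb->update( $wpdb->posts, $data, 'ID', $post_ID );
+        $wpdb->update( $wpdb->posts, $data, $where );
     } else {
         $data['post_mime_type'] = stripslashes( $post_mime_type ); // This isn't in the update
@@ -714,5 +715,5 @@
     if ( empty($post_name) && 'draft' != $post_status ) {
         $post_name = sanitize_title($post_title, $post_ID);
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $post_name, $post_ID ) );
+        $wpdb->update( $wpdb->posts, compact( 'post_name' ), $where );
     }
 
@@ -728,5 +729,5 @@
     // Set GUID
     if ( ! $update )
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post_ID), $post_ID ));
+        $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post_ID ) ), $where );
 
     $post = get_post($post_ID);
@@ -796,5 +797,5 @@
         return;
 
-    $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_status = 'publish' WHERE ID = %d", $post_id ));
+    $wpdb->update( $wpdb->posts, array( 'post_status' => 'publish' ), array( 'ID' => $post_id ) );
 
     $old_status = $post->post_status;
@@ -863,5 +864,6 @@
     $new = apply_filters('add_ping', $new);
     // expected_slashed ($new)
-    return $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET pinged = '$new' WHERE ID = %d", $post_id ));
+    $new = stripslashes($new);
+    return $wpdb->update( $wpdb->posts, array( 'pinged' => $new ), array( 'ID' => $post_id ) );
 }
 
@@ -1294,8 +1296,8 @@
     $data = stripslashes_deep( $data );
 
-    if ($update) {
-        $wpdb->update($wpdb->posts, $data, 'ID', $post_ID);
+    if ( $update ) {
+        $wpdb->update( $wpdb->posts, $data, array( 'ID' => $post_ID ) );
     } else {
-        $wpdb->insert($wpdb->posts, $data);
+        $wpdb->insert( $wpdb->posts, $data );
         $post_ID = (int) $wpdb->insert_id;
     }
@@ -1303,5 +1305,5 @@
     if ( empty($post_name) ) {
         $post_name = sanitize_title($post_title, $post_ID);
-        $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET post_name = '%s' WHERE ID = %d", $post_name, $post_ID));
+        $wpdb->update( $wpdb->posts, compact( $post_name ), array( 'ID' => $post_ID ) );
     }
 
@@ -1713,5 +1715,5 @@
     if ( $old_status != 'publish' && $new_status == 'publish' ) {
             // Reset GUID if transitioning to publish.
-            $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->posts SET guid = %s WHERE ID = %d", get_permalink($post->ID), $post->ID ));
+            $wpdb->update( $wpdb->posts, array( 'guid' => get_permalink( $post->ID ) ), array( 'ID' => $post->ID ) );
             do_action('private_to_published', $post->ID);  // Deprecated, use private_to_publish
     }
@@ -1740,15 +1742,8 @@
     $post = get_post($post_id);
 
+    $data = array( 'post_id' => $post_id, 'meta_value' => '1' );
     if ( get_option('default_pingback_flag') )
-        $result = $wpdb->query( $wpdb->prepare( "
-            INSERT INTO $wpdb->postmeta
-            (post_id,meta_key,meta_value)
-            VALUES (%s,'_pingme','1')
-        ", $post_id ));
-    $result = $wpdb->query( $wpdb->prepare( "
-        INSERT INTO $wpdb->postmeta
-        (post_id,meta_key,meta_value)
-        VALUES (%s,'_encloseme','1')
-    ", $post_id ));
+        $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_pingme' ) );
+    $wpdb->insert( $wpdb->postmeta, $data + array( 'meta_key' => '_encloseme' ) );
     wp_schedule_single_event(time(), 'do_pings');
 }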
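Review bot: In the hunk at new line 1307, `compact( $post_name )` hands compact() the value of the freshly generated slug rather than the variable name, so the data array comes back empty (or picks up whichever local variable happens to share the slug's name) and post_name is never written. The line should read `$wpdb->update( $wpdb->posts, compact( 'post_name' ), array( 'ID' => $post_ID ) );`, matching the quoted form already used at new line 717. With an empty data array the SET list that update() builds is presumably empty too, which would produce a malformed query; the rest of update() is not visible here to confirm. The enclosing function starts and ends outside this hunk.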
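--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -267,9 +267,8 @@
      * @param string $table WARNING: not sanitized!
      * @param array $data should not already be SQL-escaped
-     * @param mixed $where_col_or_array if a string, it represents the column of the WHERE statement.  If an array (named), it can represent multiple col = 'value' pairs that will be joined with ANDs  WARNING: the column names are not sanitized!
-     * @param string $where_val the value of the WHERE statement.  Should not already be SQL-escaped.
+     * @param array $where a named array of WHERE column => value relationships.  Multiple member pairs will be joined with ANDs.  WARNING: the column names are not currently sanitized!
      * @return mixed results of $this->query()
      */
-    function update($table, $data, $where_col_or_array, $where_val=NULL){
+    function update($table, $data, $where){
         $data = add_magic_quotes($data);
         $bits = $wheres = array();
@@ -277,8 +276,6 @@
             $bits[] = "`$k` = '$data[$k]'";
 
-        if ( is_string( $where_col_or_array ) )
-            $wheres = array( "$where_col_or_array = '" . $this->escape($where_val) . "'" );
-        elseif ( is_array( $where_col_or_array ) )
-            foreach ( $where_col_or_array as $c => $v )
+        if ( is_array( $where ) )
+            foreach ( $where as $c => $v )
                 $wheres[] = "$c = '" . $this->escape( $v ) . "'";
         else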
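Review bot: The WHERE column name `$c` is still interpolated raw in `$wheres[] = "$c = '" . $this->escape( $v ) . "'";` — only the value is escaped, and unlike the SET list the name is not even backtick-quoted. Every caller visible in this changeset passes literal keys, but update() is a general-purpose method, and the docblock's "not currently sanitized" warning is the only protection now that a named array is the sole accepted form. I would reject keys that are not plain identifiers before building the clause, e.g. `if ( preg_match( '/[^A-Za-z0-9_]/', $c ) ) return false;` inside the foreach (which then needs braces), and apply the same check to the `$data` keys. Separately, a caller still using the old `update( $table, $data, 'ID', $id )` form now falls into the `else` branch, whose body is outside this hunk; it is worth confirming that branch refuses the call rather than issuing an UPDATE with no usable WHERE clause.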