
Changeset 6241


Timestamp:
10/13/2007 03:51:11 AM (17 years ago)
Author:
markjaquith
Message:

prepare(), insert(), update() for wp-includes/ taxonomy.php, rss.php, registration.php

Location:
trunk/wp-includes
Files:
3 edited

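--- a/trunk/wp-includes/registration.php
+++ b/trunk/wp-includes/registration.php
@@ -22,6 +22,5 @@
 function email_exists( $email ) {
     global $wpdb;
-    $email = $wpdb->escape( $email );
-    return $wpdb->get_var( "SELECT ID FROM $wpdb->users WHERE user_email = '$email'" );
+    return $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_email = %s", $email) );
 }
 
@@ -99,16 +98,11 @@
         $user_registered = gmdate('Y-m-d H:i:s');
 
+    $data = compact( 'user_pass', 'user_email', 'user_url', 'user_nicename', 'display_name' );
+
     if ( $update ) {
-        $query = "UPDATE $wpdb->users SET user_pass='$user_pass', user_email='$user_email', user_url='$user_url', user_nicename = '$user_nicename', display_name = '$display_name' WHERE ID = '$ID'";
-        $query = apply_filters('update_user_query', $query);
-        $wpdb->query( $query );
+        $wpdb->update( $wpdb->users, $data, compact( 'ID' ) );
         $user_id = (int) $ID;
     } else {
-        $query = "INSERT INTO $wpdb->users
-        (user_login, user_pass, user_email, user_url, user_registered, user_nicename, display_name)
-    VALUES
-        ('$user_login', '$user_pass', '$user_email', '$user_url', '$user_registered', '$user_nicename', '$display_name')";
-        $query = apply_filters('create_user_query', $query);
-        $wpdb->query( $query );
+        $wpdb->insert( $wpdb->users, $data + compact( 'user_login' ) );
         $user_id = (int) $wpdb->insert_id;
     }
@@ -146,11 +140,8 @@
 /**
  * Update an user in the database.
- * @global object $wpdb WordPress database layer.
  * @param array $userdata An array of user data.
  * @return int The updated user's ID.
  */
 function wp_update_user($userdata) {
-    global $wpdb;
-
     $ID = (int) $userdata['ID'];
 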
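Review bot: The new `$wpdb->update()` / `$wpdb->insert()` calls on new lines 103 and 106 may double-escape the user fields: the removed queries interpolated `$user_pass`, `$user_email` and the rest directly into quoted SQL, which suggests the values arrive here already slashed, and the helpers presumably escape again (their bodies are not part of this changeset). If that holds, unslash once before the write, for example `$data = stripslashes_deep( $data );` right after the `compact()` on line 100, and treat `$user_login` the same way. The `update_user_query` and `create_user_query` filters are also dropped with no replacement hook or note, so code attached to them silently stops running. The function containing lines 98-108 starts and ends outside the hunk.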
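--- a/trunk/wp-includes/rss.php
+++ b/trunk/wp-includes/rss.php
@@ -668,7 +668,8 @@
         $cache_timestamp = 'rss_' . $this->file_name( $url ) . '_ts';
 
-        if ( !$wpdb->get_var("SELECT option_name FROM $wpdb->options WHERE option_name = '$cache_option'") )
+        // shouldn't these be using get_option() ?
+        if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_option ) ) )
             add_option($cache_option, '', '', 'no');
-        if ( !$wpdb->get_var("SELECT option_name FROM $wpdb->options WHERE option_name = '$cache_timestamp'") )
+        if ( !$wpdb->get_var( $wpdb->prepare( "SELECT option_name FROM $wpdb->options WHERE option_name = %s", $cache_timestamp ) ) )
             add_option($cache_timestamp, '', '', 'no');
 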
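Review bot: The comment added on new line 670, `// shouldn't these be using get_option() ?`, leaves an open question in the code, and the swap it hints at is not equivalent. Both options are created with an empty-string value by `add_option($cache_option, '', '', 'no')`, so a `!get_option(...)` test would be true for a present-but-empty option as well as a missing one. I would state the intent instead, e.g. `// Existence check only: the option is created empty, so a get_option() truthiness test cannot tell missing from empty.` The enclosing method starts and ends outside the hunk.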
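--- a/trunk/wp-includes/taxonomy.php
+++ b/trunk/wp-includes/taxonomy.php
@@ -196,4 +196,6 @@
     extract($args, EXTR_SKIP);
 
+    $order = ( 'desc' == strtolower($order) ) ? 'DESC' : 'ASC';
+
     $terms = array_map('intval', $terms);
 
@@ -241,5 +243,5 @@
         $term = (int) $term;
         if ( ! $_term = wp_cache_get($term, $taxonomy) ) {
-            $_term = $wpdb->get_row("SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = '$taxonomy' AND t.term_id = '$term' LIMIT 1");
+            $_term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND t.term_id = %s LIMIT 1", $taxonomy, $term) );
             wp_cache_add($term, $_term, $taxonomy);
         }
@@ -315,5 +317,5 @@
     }
 
-    $term = $wpdb->get_row("SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = '$taxonomy' AND $field = '$value' LIMIT 1");
+    $term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) );
     if ( !$term )
         return false;
@@ -467,5 +469,5 @@
         'pad_counts' => false);
     $args = wp_parse_args( $args, $defaults );
-    $args['number'] = (int) $args['number'];
+    $args['number'] = absint( $args['number'] );
     if ( !$single_taxonomy || !is_taxonomy_hierarchical($taxonomies[0]) ||
         '' != $args['parent'] ) {
@@ -634,9 +636,9 @@
         if ( 0 == $term )
             return 0;
-        $where = "t.term_id = '$term'";
+        $where = $wpdb->prepare( "t.term_id = %d", $term );
     } else {
         if ( ! $term = sanitize_title($term) )
             return 0;
-        $where = "t.slug = '$term'";
+        $where = $wpdb->prepare( "t.slug = %s", $term );
     }
 
@@ -646,4 +648,5 @@
         return $term_id;
 
+    $taxonomy = $wpdb->escape( $taxonomy );
     return $wpdb->get_row("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = '$taxonomy'", ARRAY_A);
 }
@@ -752,4 +755,5 @@
         $where = 'AND count > 0';
 
+    $taxonomy = $wpdb->escape( $taxonomy );
     return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = '$taxonomy' $where");
 }
@@ -809,8 +813,8 @@
         $parent = $term_obj->parent;
 
-        $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = '$parent' WHERE parent = '$term_obj->term_id' AND taxonomy = '$taxonomy'");
-    }
-
-    $objects = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$tt_id'");
+        $wpdb->update( $wpdb->term_taxonomy, compact( $parent ), array( 'parent' => $term_obj->term_id) + compact( $taxonomy ) );
+    }
+
+    $objects = $wpdb->get_col( $wpdb->prepare( "SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $tt_id ) );
 
     foreach ( (array) $objects as $object ) {
@@ -824,9 +828,9 @@
     }
 
-    $wpdb->query("DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = '$tt_id'");
+    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->term_taxonomy WHERE term_taxonomy_id = %d", $tt_id ) );
 
     // Delete the term if no taxonomies use it.
-    if ( !$wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = '$term'") )
-        $wpdb->query("DELETE FROM $wpdb->terms WHERE term_id = '$term'");
+    if ( !$wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE term_id = %d", $term) ) )
+        $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->terms WHERE term_id = %d", $term) );
 
     clean_term_cache($term, $taxonomy);
@@ -928,5 +932,5 @@
     $term_group = 0;
     if ( $alias_of ) {
-        $alias = $wpdb->fetch_row("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$alias_of'");
+        $alias = $wpdb->fetch_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
         if ( $alias->term_group ) {
             // The alias we want is already in a group, so let's use that one.
@@ -935,10 +939,10 @@
             // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
             $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
-            $wpdb->query("UPDATE $wpdb->terms SET term_group = $term_group WHERE term_id = $alias->term_id");
+            $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) );
         }
     }
 
     if ( ! $term_id = is_term($slug) ) {
-        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
+        $wpdb->insert( $wpdb->terms, compact( 'name', 'slug', 'term_group' ) );
         $term_id = (int) $wpdb->insert_id;
     } else if ( is_taxonomy_hierarchical($taxonomy) && !empty($parent) ) {
@@ -946,5 +950,5 @@
         // by incorporating parent slugs.
         $slug = wp_unique_term_slug($slug, (object) $args);
-        $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
+        $wpdb->insert( $wpdb->terms, compact( 'name', 'slug', 'term_group' ) );
         $term_id = (int) $wpdb->insert_id;
     }
@@ -952,13 +956,13 @@
     if ( empty($slug) ) {
         $slug = sanitize_title($slug, $term_id);
-        $wpdb->query("UPDATE $wpdb->terms SET slug = '$slug' WHERE term_id = '$term_id'");
-    }
-
-    $tt_id = $wpdb->get_var("SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.term_id = $term_id");
+        $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
+    }
+
+    $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id ) );
 
     if ( !empty($tt_id) )
         return array('term_id' => $term_id, 'term_taxonomy_id' => $tt_id);
 
-    $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '0')");
+    $wpdb->insert( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent') + array( 'count' => 0 ) );
     $tt_id = (int) $wpdb->insert_id;
 
@@ -1012,7 +1016,7 @@
         $tt_ids[] = $id;
 
-        if ( $wpdb->get_var("SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id = '$id'") )
+        if ( $wpdb->get_var( $wpdb->prepare( "SELECT term_taxonomy_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $object_id, $id ) ) )
             continue;
-        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$object_id', '$id')");
+        $wpdb->insert( $wpdb->term_relationships, array( 'object_id' => $object_id, 'term_taxonomy_id' => $id ) );
     }
 
@@ -1050,10 +1054,10 @@
 
     // If we didn't get a unique slug, try appending a number to make it unique.
-    if ( $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$slug'") ) {
+    if ( $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $slug ) ) ) {
         $num = 2;
         do {
             $alt_slug = $slug . "-$num";
             $num++;
-            $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'");
+            $slug_check = $wpdb->get_var( $wpdb->prepare( "SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug ) );
         } while ( $slug_check );
         $slug = $alt_slug;
@@ -1092,5 +1096,5 @@
 
     if ( $alias_of ) {
-        $alias = $wpdb->fetch_row("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$alias_of'");
+        $alias = $wpdb->fetch_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
         if ( $alias->term_group ) {
             // The alias we want is already in a group, so let's use that one.
@@ -1099,10 +1103,10 @@
             // The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
             $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
-            $wpdb->query("UPDATE $wpdb->terms SET term_group = $term_group WHERE term_id = $alias->term_id");
+            $wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) );
         }
     }
 
     // Check for duplicate slug
-    $id = $wpdb->get_var("SELECT term_id FROM $wpdb->terms WHERE slug = '$slug'");
+    $id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) );
     if ( $id && ($id != $term_id) ) {
         // If an empty slug was passed, reset the slug to something unique.
@@ -1114,14 +1118,14 @@
     }
 
-    $wpdb->query("UPDATE $wpdb->terms SET name = '$name', slug = '$slug', term_group = '$term_group' WHERE term_id = '$term_id'");
+    $wpdb->update($wpdb->terms, compact( 'name', 'slug', 'term_group' ), compact( 'term_id' ) );
 
     if ( empty($slug) ) {
         $slug = sanitize_title($name, $term_id);
-        $wpdb->query("UPDATE $wpdb->terms SET slug = '$slug' WHERE term_id = '$term_id'");
-    }
-
-    $tt_id = $wpdb->get_var("SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.term_id = $term_id");
-
-    $wpdb->query("UPDATE $wpdb->term_taxonomy SET term_id = '$term_id', taxonomy = '$taxonomy', description = '$description', parent = '$parent' WHERE term_taxonomy_id = '$tt_id'");
+        $wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
+    }
+
+    $tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) );
+
+    $wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxnonoy_id' => $tt_id ) );
 
     do_action("edit_term", $term_id, $tt_id);
@@ -1155,6 +1159,6 @@
         // Default count updater
         foreach ($terms as $term) {
-            $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term'");
-            $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term'");
+            $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term) );
+            $wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxnomy_id' => $term ) );
         }
 
@@ -1389,6 +1393,6 @@
 
     foreach ( $terms as $term ) {
-        $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term'");
-        $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term'");
+        $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term ) );
+        $wpdb->update( $wpdb->term_taxnomoy, compact( 'count' ), array( 'term_taxnomy_id' => $term ) );
     }
 }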
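Review bot: Four of the new `$wpdb->update()` calls reference names that do not exist, so the writes they replace will no longer happen: new line 815 passes `compact( $parent )` and `compact( $taxonomy )` (the variables' values rather than their names), line 1129 keys the WHERE on `term_taxnonoy_id`, line 1162 on `term_taxnomy_id`, and line 1396 uses both `$wpdb->term_taxnomoy` and `term_taxnomy_id`. Unless update() surfaces query errors (its body is not visible here), these fail quietly and leave parent links and term counts stale. Separately, new lines 650 and 757 still rely on `$wpdb->escape()` plus string interpolation instead of prepare(), and line 319 interpolates `$field` into the format string handed to prepare(); `$field` has to come from a fixed list of column names, which this hunk does not show. Every enclosing function starts or ends outside its hunk.

```php
// … new line 815: compact() takes variable names, not values …
$wpdb->update( $wpdb->term_taxonomy, compact( 'parent' ), array( 'parent' => $term_obj->term_id ) + compact( 'taxonomy' ) );

// … new line 1129: correct the WHERE column name …
$wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) );

// … new line 1162: correct the WHERE column name …
$wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );

// … new line 1396: correct both the table property and the WHERE column name …
$wpdb->update( $wpdb->term_taxonomy, compact( 'count' ), array( 'term_taxonomy_id' => $term ) );
```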