Changeset 7645 for trunk/wp-admin/admin-ajax.php

Timestamp:

04/14/2008 04:13:25 PM (18 years ago)

Author:

ryan

Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:

• trunk/wp-admin/admin-ajax.php (modified) (1 diff)

trunk/wp-admin/admin-ajax.php

@@ -16 +16 @@
     if ( strstr( $s, ',' ) )
         die; // it's a multiple tag insert, we won't find anything
-    $results = $wpdb->get_col( "SELECT name FROM $wpdb->terms WHERE name LIKE ('%$s%')" );
+    $results = $wpdb->get_col( $wpdb->prepare("SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", '%' . $s . '%') );
     echo join( $results, "\n" );
     die;