Timestamp:
04/14/2008 04:13:25 PM (14 years ago)
Author:
ryan
Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:
1 edited

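--- a/trunk/wp-admin/includes/post.php
+++ b/trunk/wp-admin/includes/post.php
@@ -195,11 +195,11 @@
 
 	if (!empty ($post_date))
-		$post_date = "AND post_date = '$post_date'";
+		$post_date = $wpdb->prepare("AND post_date = %s", $post_date);
 
 	if (!empty ($title))
-		return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
+		return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
 	else
 		if (!empty ($content))
-			return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
+			return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
 
 	return 0;
@@ -381,9 +381,7 @@
 		wp_cache_delete($post_ID, 'post_meta');
 
-		$wpdb->query( "
-				INSERT INTO $wpdb->postmeta
-				(post_id,meta_key,meta_value )
-				VALUES ('$post_ID','$metakey','$metavalue' )
-			" );
+		$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
+			(post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
+			$post_ID, $metakey, $metavalue) );
 		return $wpdb->insert_id;
 	}
@@ -395,8 +393,8 @@
 	$mid = (int) $mid;
 
-	$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+	$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 	wp_cache_delete($post_id, 'post_meta');
 
-	return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+	return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 }
 
@@ -418,5 +416,5 @@
 	$mid = (int) $mid;
 
-	$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+	$meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 	if ( is_serialized_string( $meta->meta_value ) )
 		$meta->meta_value = maybe_unserialize( $meta->meta_value );
@@ -428,9 +426,7 @@
 	global $wpdb;
 
-	return $wpdb->get_results( "
-			SELECT meta_key, meta_value, meta_id, post_id
-			FROM $wpdb->postmeta
-			WHERE post_id = '$postid'
-			ORDER BY meta_key,meta_id", ARRAY_A );
+	return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
+			FROM $wpdb->postmeta WHERE post_id = %d
+			ORDER BY meta_key,meta_id", $postid), ARRAY_A );
 
 }
@@ -444,5 +440,5 @@
 		return false;
 
-	$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+	$post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
 	wp_cache_delete($post_id, 'post_meta');
 
@@ -450,5 +446,5 @@
 	$mvalue = $wpdb->escape( $mvalue );
 	$mid = (int) $mid;
-	return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
+	return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->postmeta SET meta_key = %s, meta_value = %s WHERE meta_id = %d", $mkey, $mvalue, $mid) );
 }
 
@@ -503,5 +499,5 @@
 	$old_ID = (int) $old_ID;
 	$new_ID = (int) $new_ID;
-	return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
+	return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
 }
 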
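Review bot: In the post_exists hunk the `$post_date` fragment is rendered by one `prepare()` call and then interpolated into the template of a second one, so any `%` in the date value survives the first escaping and is read by the second `prepare()` as a format directive (its `%s` quoting pass rewrites it too), which at best makes the query fail and at worst changes how the remaining arguments are placed. Keep the date as a placeholder in the final template and pass the value as an argument, as below; post_exists begins outside the hunk, so the earlier handling of `$post_date` is not visible here. Separately, in the update_meta hunk the context line `$mvalue = $wpdb->escape( $mvalue );` still precedes the new `prepare()` call, which escapes `%s` arguments itself, so stored meta values pick up a second layer of backslashes; that `escape()` line should go, and `$mkey`, `$metakey` and `$metavalue` (prepared outside these hunks) need the same check. The add_meta hunk also binds `post_id` with `%s` although the surrounding code casts ids to int and the other hunks use `%d` for ids; `%d` would be consistent.
```php
	$post_date_sql = '';
	if (!empty ($post_date))
		$post_date_sql = 'AND post_date = %s';

	if (!empty ($title))
		return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date_sql", $title, $post_date) );
	else
		if (!empty ($content))
			return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date_sql", $content, $post_date) );
	// … unchanged: return 0; …
```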