Timestamp:
04/14/2008 04:13:25 PM (14 years ago)
Author:
ryan
Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:
1 edited

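--- a/trunk/wp-admin/includes/upgrade.php
+++ b/trunk/wp-admin/includes/upgrade.php
@@ -219,5 +219,5 @@
             if ('' == $post->post_name) {
                 $newtitle = sanitize_title($post->post_title);
-                $wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'");
+                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) );
             }
         }
@@ -228,5 +228,5 @@
         if ('' == $category->category_nicename) {
             $newtitle = sanitize_title($category->cat_name);
-            $wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'");
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
         }
     }
@@ -251,12 +251,10 @@
         foreach ($allposts as $post) {
             // Check to see if it's already been imported
-            $cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category");
+            $cat = $wpdb->get_row( $wpdb->("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );
             if (!$cat && 0 != $post->post_category) { // If there's no result
-                $wpdb->query("
-                    INSERT INTO $wpdb->post2cat
+                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
                     (post_id, category_id)
-                    VALUES
-                    ('$post->ID', '$post->post_category')
-                    ");
+                    VALUES (%s, %s)
+                    ", $post->ID, $post->post_category) );
             }
         }
@@ -286,5 +284,5 @@
         if ('' == $user->user_nicename) {
             $newname = sanitize_title($user->user_nickname);
-            $wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
         }
     }
@@ -402,5 +400,5 @@
         if ( 1 != $option->dupes ) { // Could this be done in the query?
             $limit = $option->dupes - 1;
-            $dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit");
+            $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) );
             $dupe_ids = join($dupe_ids, ',');
             $wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)");
@@ -446,6 +444,5 @@
             if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
             if (!$idmode) $id = $user->user_nickname;
-            $id = $wpdb->escape( $id );
-            $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
         endif;
 
@@ -469,5 +466,5 @@
     if( is_array( $comments ) ) {
         foreach ($comments as $comment) {
-            $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" );
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
         }
     }
@@ -478,8 +475,8 @@
         $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
         foreach ($objects as $object) {
-            $wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment',
-            post_mime_type = '$object->post_type',
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
+            post_mime_type = %s,
             post_type = ''
-            WHERE ID = $object->ID");
+            WHERE ID = %d", $object->post_type, $object->ID) );
 
             $meta = get_post_meta($object->ID, 'imagedata', true);
@@ -509,5 +506,5 @@
             }
 
-            $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+            $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) );
         }
     }
@@ -542,12 +539,8 @@
     foreach ($categories as $category) {
         $term_id = (int) $category->cat_ID;
-        $name = $wpdb->escape($category->cat_name);
-        $description = $wpdb->escape($category->category_description);
-        $slug = $wpdb->escape($category->category_nicename);
-        $parent = $wpdb->escape($category->category_parent);
         $term_group = 0;
 
         // Associate terms with the same slug in a term group and make slugs unique.
-        if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+        if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
             $term_group = $exists[0]->term_group;
             $id = $exists[0]->term_id;
@@ -556,5 +549,5 @@
                 $alt_slug = $slug . "-$num";
                 $num++;
-                $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'");
+                $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) );
             } while ( $slug_check );
 
@@ -563,9 +556,10 @@
             if ( empty( $term_group ) ) {
                 $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
-                $wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'");
+                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) );
             }
         }
 
-        $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')");
+        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES
+        (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) );
 
         $count = 0;
@@ -573,5 +567,5 @@
             $count = (int) $category->category_count;
             $taxonomy = 'category';
-            $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
             $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
         }
@@ -580,5 +574,5 @@
             $count = (int) $category->link_count;
             $taxonomy = 'link_category';
-            $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
             $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
         }
@@ -588,5 +582,5 @@
             $count = (int) $category->tag_count;
             $taxonomy = 'post_tag';
-            $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
             $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
         }
@@ -595,5 +589,5 @@
             $count = 0;
             $taxonomy = 'category';
-            $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
             $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
         }
@@ -615,5 +609,5 @@
             continue;
 
-        $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')");
+        $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
     }
 
@@ -634,5 +628,5 @@
 
             // Associate terms with the same slug in a term group and make slugs unique.
-            if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+            if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
                 $term_group = $exists[0]->term_group;
                 $term_id = $exists[0]->term_id;
@@ -640,5 +634,5 @@
 
             if ( empty($term_id) ) {
-                $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
+                $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
                 $term_id = (int) $wpdb->insert_id;
             }
@@ -647,5 +641,5 @@
             $default_link_cat = $term_id;
 
-            $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
             $tt_ids[$term_id] = (int) $wpdb->insert_id;
         }
@@ -663,5 +657,5 @@
                 continue;
 
-            $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')");
+            $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
         }
 
@@ -678,5 +672,5 @@
                 continue;
 
-            $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')");
+            $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
         }
     }
@@ -691,8 +685,8 @@
     foreach ( (array) $terms as $term ) {
         if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) )
-            $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'");
+            $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) );
         else
-            $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
-        $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
+            $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
+        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
     }
 }
@@ -824,5 +818,5 @@
     }
 
-    $option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
+    $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) );
 
     if ( 'home' == $setting && '' == $option )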
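Review bot: Two of the new lines do not parse, which would keep upgrade.php from loading at all: new line 253 calls `$wpdb->(...)` with the method name dropped, and new line 674 passes the `%d` placeholders and their arguments straight to `$wpdb->query()` and closes one parenthesis too many, so it also runs unprepared if the extra `)` is removed. They should read `$cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );` and `$wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );`. In the category loop beginning at new line 539, the four `$wpdb->escape()` assignments of `$name`, `$description`, `$slug` and `$parent` are deleted with nothing put in their place, yet the prepared statements that follow (new lines 544, 562–563 and the four term_taxonomy inserts) still bind those variables; unless they are set somewhere outside the hunk, they are now undefined or stale across iterations and should become plain `$name = $category->cat_name;` etc., since `prepare()` does the escaping. The post2cat insert at new lines 257–258 binds two numeric ids with `%s` where every other hunk uses `%d` for ids; the enclosing functions begin and end outside these hunks.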