Changeset 7645 for trunk/wp-admin/includes/user.php
- Timestamp:
- 04/14/2008 04:13:25 PM (16 years ago)
- File:
-
- 1 edited
trunk/wp-admin/includes/user.php
r7313 r7645 142 142 global $wpdb; 143 143 $level_key = $wpdb->prefix . 'user_level'; 144 145 $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'"; 146 147 return $wpdb->get_col( $query ); 144 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) ); 148 145 } 149 146 … … 177 174 $level_key = $wpdb->prefix . 'user_level'; 178 175 179 $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'";176 $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key); 180 177 if ( $exclude_zeros ) 181 178 $query .= " AND meta_value != '0'"; … … 188 185 $level_key = $wpdb->prefix . 'user_level'; 189 186 190 $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'"; 191 192 return $wpdb->get_col( $query ); 187 return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) ); 193 188 } 194 189 … … 209 204 } else { 210 205 $editable = join(',', $editable); 211 $other_unpubs = $wpdb->get_results( "SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir");206 $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) ); 212 207 } 213 208 … … 242 237 function get_users_drafts( $user_id ) { 243 238 global $wpdb; 244 $user_id = (int) $user_id; 245 $query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = $user_id ORDER BY post_modified DESC"; 239 $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 
'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id); 246 240 $query = apply_filters('get_users_drafts', $query); 247 241 return $wpdb->get_results( $query ); … … 254 248 255 249 if ($reassign == 'novalue') { 256 $post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_author = $id");250 $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) ); 257 251 258 252 if ($post_ids) { … … 262 256 263 257 // Clean links 264 $wpdb->query( "DELETE FROM $wpdb->links WHERE link_owner = $id");258 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) ); 265 259 } else { 266 260 $reassign = (int) $reassign; 267 $wpdb->query( "UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}");268 $wpdb->query( "UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}");261 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) ); 262 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) ); 269 263 } 270 264 … … 272 266 do_action('delete_user', $id); 273 267 274 $wpdb->query( "DELETE FROM $wpdb->users WHERE ID = $id");275 $wpdb->query( "DELETE FROM $wpdb->usermeta WHERE user_id = '$id'");268 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) ); 269 $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) ); 276 270 277 271 wp_cache_delete($id, 'users'); … … 324 318 global $wpdb; 325 319 $this->first_user = ($this->page - 1) * $this->users_per_page; 326 $this->query_limit = ' LIMIT ' . $this->first_user . ',' . 
$this->users_per_page;320 $this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page); 327 321 $this->query_sort = ' ORDER BY user_login'; 328 322 $search_sql = ''; … … 338 332 $this->query_from_where = "FROM $wpdb->users"; 339 333 if ( $this->role ) 340 $this->query_from_where .= " INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'";334 $this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%'); 341 335 else 342 336 $this->query_from_where .= " WHERE 1=1";
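Review bot: The new line 262 in the reassign branch carries a stray `}` inside the SQL string, `WHERE link_owner = %d}`, left over from the old `{$id}` interpolation; after prepare() this yields `... WHERE link_owner = 5}`, which is invalid SQL, so link ownership is never reassigned while the posts update on the line above succeeds. The line should read `$wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d", $reassign, $id) );`. The enclosing function starts and ends outside this hunk. In the other hunks the move to prepare() looks right, but the get_others_unpublished_posts query at new line 206 still interpolates `$type_sql`, `$editable` and `$dir` directly, which is presumably safe only if those are built from internal values and not from request input; a comment stating that assumption at the query would help the next reader. Similarly, at new line 334 the LIKE pattern `'%' . $this->role . '%'` is escaped for quoting by prepare() but `%` and `_` inside `$this->role` remain SQL wildcards, which is worth a note if role ever comes from outside the application.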