Timestamp:
04/14/2008 04:13:25 PM (14 years ago)
Author:
ryan
Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:
1 edited

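--- a/trunk/wp-includes/comment.php
+++ b/trunk/wp-includes/comment.php
@@ -242,5 +242,5 @@
     $where = '';
     if ( $post_id > 0 ) {
-        $where = "WHERE comment_post_ID = {$post_id}";
+        $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
     }
 
@@ -380,5 +380,5 @@
     if ( current_user_can( 'manage_options' ) )
         return; // don't throttle admins
-    if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
+    if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) {
         $time_lastcomment = mysql2date('U', $lasttime);
         $time_newcomment  = mysql2date('U', $date);
@@ -488,5 +488,5 @@
     $comment = get_comment($comment_id);
 
-    if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
+    if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) )
         return false;
 
@@ -586,9 +586,8 @@
         $user_id = 0;
 
-    $result = $wpdb->query("INSERT INTO $wpdb->comments
+    $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments
     (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
-    VALUES
-    ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
-    ");
+    VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)",
+    $comment_post_ID, $comment_author, $comment_author_email, $comment_author_url, $comment_author_IP, $comment_date, $comment_date_gmt, $comment_content, $comment_approved, $comment_agent, $comment_type, $comment_parent, $user_id) );
 
     $id = (int) $wpdb->insert_id;
@@ -715,11 +714,11 @@
     switch ( $comment_status ) {
         case 'hold':
-            $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
+            $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
             break;
         case 'approve':
-            $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
+            $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
             break;
         case 'spam':
-            $query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";
+            $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
             break;
         case 'delete':
@@ -775,14 +774,21 @@
     $comment_date_gmt = get_gmt_from_date($comment_date);
 
-    $wpdb->query(
-        "UPDATE $wpdb->comments SET
-            comment_content      = '$comment_content',
-            comment_author       = '$comment_author',
-            comment_author_email = '$comment_author_email',
-            comment_approved     = '$comment_approved',
-            comment_author_url   = '$comment_author_url',
-            comment_date         = '$comment_date',
-            comment_date_gmt     = '$comment_date_gmt'
-        WHERE comment_ID = $comment_ID" );
+    $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET
+            comment_content      = %s,
+            comment_author       = %s,
+            comment_author_email = %s,
+            comment_approved     = %s,
+            comment_author_url   = %s,
+            comment_date         = %s,
+            comment_date_gmt     = %s
+        WHERE comment_ID = %d",
+            $comment_content,
+            $comment_author,
+            $comment_author_email,
+            $comment_approved,
+            $comment_author_url,
+            $comment_date,
+            $comment_date_gmt
+            $comment_ID) );
 
     $rval = $wpdb->rows_affected;
@@ -880,6 +886,6 @@
 
     $old = (int) $post->comment_count;
-    $new = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
-    $wpdb->query("UPDATE $wpdb->posts SET comment_count = '$new' WHERE ID = '$post_id'");
+    $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
+    $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) );
 
     if ( 'page' == $post->post_type )
@@ -1009,5 +1015,5 @@
     // Do Enclosures
     while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
-        $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
+        $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) );
         do_enclose($enclosure->post_content, $enclosure->ID);
     }
@@ -1036,9 +1042,9 @@
     global $wpdb;
 
-    $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
+    $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) );
     $to_ping = get_to_ping($post_id);
     $pinged  = get_pung($post_id);
     if ( empty($to_ping) ) {
-        $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
+        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
         return;
     }
@@ -1061,5 +1067,5 @@
                 $pinged[] = $tb_ping;
             } else {
-                $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
+                $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
             }
         }
@@ -1226,6 +1232,6 @@
 
     $tb_url = addslashes( $tb_url );
-    $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
-    return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
+    $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
+    return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
 }
 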
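Review bot: The prepared multi-line UPDATE on $wpdb->comments (new lines 776–792) is missing a comma after `$comment_date_gmt`, so `$comment_date_gmt` and `$comment_ID` on the following line are two adjacent expressions in one argument list and the file fails to parse; the line should be `            $comment_date_gmt,`. The enclosing function starts and ends outside that hunk. Separately, the last two hunks (new lines 1069 and 1234–1235) still interpolate `$tb_ping` and `$tb_url` into the format string handed to `prepare()`, so a ping URL containing a `%` character is read as a format directive and the value never goes through the `%s` path the rest of the commit relies on; passing it as an argument, e.g. `TRIM(REPLACE(to_ping, %s, '')) WHERE ID = %d", $tb_url, $ID`, keeps both values out of the template, and the `addslashes( $tb_url )` on the line above would then presumably double-escape and should be reviewed alongside.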