Changeset 7645 for trunk/wp-includes/user.php

Timestamp:

04/14/2008 04:13:25 PM (18 years ago)

Author:

ryan

Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:

• trunk/wp-includes/user.php (modified) (6 diffs)

trunk/wp-includes/user.php

@@ -58 +58 @@
     if ( !$user )
         $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
-    return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
+    return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }
 
@@ -64 +64 @@
     global $wpdb;
     $userid = (int) $userid;
-    return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
+    return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
 }
 
@@ -131 +131 @@
 
     if ( ! empty($meta_value) )
-        $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
-    else
-        $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
+    else
+        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 
     wp_cache_delete($user_id, 'users');
@@ -149 +149 @@
     if ( !empty($meta_key) ) {
         $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
-        $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+        $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
     } else {
-        $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+        $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
     }
 
@@ -186 +186 @@
     }
 
-    $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+    $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
     if ( !$cur ) {
         $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
@@ -192 +192 @@
         ( '$user_id', '$meta_key', '$meta_value' )");
     } else if ( $cur->meta_value != $meta_value ) {
-        $wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
     } else {
         return false;