WordPress.org

Make WordPress Core


Ignore:
Timestamp:
04/14/2008 04:13:25 PM (14 years ago)
Author:
ryan
Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/user.php

    r7268 r7645  
    5858    if ( !$user )
    5959        $user = $wpdb->escape($_COOKIE[USER_COOKIE]);
    60     return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
     60    return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
    6161}
    6262
     
    6464    global $wpdb;
    6565    $userid = (int) $userid;
    66     return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
     66    return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
    6767}
    6868
     
    131131
    132132    if ( ! empty($meta_value) )
    133         $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
    134     else
    135         $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
     133        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
     134    else
     135        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
    136136
    137137    wp_cache_delete($user_id, 'users');
     
    149149    if ( !empty($meta_key) ) {
    150150        $meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
    151         $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
     151        $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
    152152    } else {
    153         $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
     153        $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
    154154    }
    155155
     
    186186    }
    187187
    188     $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
     188    $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
    189189    if ( !$cur ) {
    190190        $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
     
    192192        ( '$user_id', '$meta_key', '$meta_value' )");
    193193    } else if ( $cur->meta_value != $meta_value ) {
    194         $wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
     194        $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
    195195    } else {
    196196        return false;
Note: See TracChangeset for help on using the changeset viewer.