Changeset 7645 for trunk/xmlrpc.php


Timestamp:
04/14/2008 04:13:25 PM (14 years ago)
Author:
ryan
Message:

Prepare DB queries in more places. Props filosofo. see #6644

File:
1 edited

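--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -1353,5 +1353,5 @@
             foreach( $attachments as $file ) {
                 if( strpos( $post_content, $file->guid ) !== false ) {
-                    $wpdb->query( "UPDATE {$wpdb->posts} SET post_parent = '$post_ID' WHERE ID = '{$file->ID}'" );
+                    $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
                 }
             }
@@ -2094,5 +2094,5 @@
         }
 
-        $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
+        $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
         if (!$comments) {
@@ -2207,5 +2207,5 @@
                 // ...or a string #title, a little more complicated
                 $title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
-                $sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'";
+                $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
                 if (! ($post_ID = $wpdb->get_var($sql)) ) {
                     // returning unknown error '0' is better than die()ing
@@ -2236,5 +2236,5 @@
 
         // Let's check that the remote site didn't already pingback this entry
-        $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");
+        $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) );
 
         if ( $wpdb->num_rows ) // We already have a Pingback from this URL
@@ -2345,5 +2345,5 @@
         }
 
-        $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
+        $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 
         if (!$comments) {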
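Review bot: The `%s` placeholder in the RLIKE query at line 2209 quotes and escapes `$title` for SQL, but MySQL still interprets the bound value as a regular expression, so prepare() closes the quoting hole only — what actually bounds the pattern is the `preg_replace('/[^a-z0-9]/i', '.', ...)` on the line above, and every character it replaces becomes a `.` wildcard that matches any single character. That dependency is invisible from the query line; a comment such as `// $title is a MySQL regex, not a literal: only [a-z0-9] and '.' survive the preg_replace above` would keep a later edit from relaxing that character class without noticing the RLIKE. The enclosing function starts and ends outside the hunk. The same prepared comment query is duplicated verbatim at lines 2096 and 2347; a small helper taking `$post_ID` would keep the two in step when the column list changes.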