Changeset 810 for trunk/wp-includes/functions.php

Timestamp:

01/30/2004 02:39:01 AM (22 years ago)

Author:

alex_t_king

Message:

added single quotes around values in SQL statements

File:

• trunk/wp-includes/functions.php (modified) (7 diffs)

trunk/wp-includes/functions.php

@@ -413 +413 @@
     global $wpdb, $cache_userdata, $use_cache, $tableusers;
     if ((empty($cache_userdata[$userid])) || (!$use_cache)) {
-        $user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID = $userid");
+        $user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID = '$userid'");
         $user->user_nickname = stripslashes($user->user_nickname);
         $user->user_firstname = stripslashes($user->user_firstname);
@@ -465 +465 @@
 function get_usernumposts($userid) {
     global $tableposts, $tablecomments, $wpdb;
-    return $wpdb->get_var("SELECT COUNT(*) FROM $tableposts WHERE post_author = $userid");
+    return $wpdb->get_var("SELECT COUNT(*) FROM $tableposts WHERE post_author = '$userid'");
 }
 
@@ -528 +528 @@
 
     // Otherwise, build a WHERE clause, making the values safe along the way:
-    if ($year) $where .= " AND YEAR(post_date) = " . intval($year);
-    if ($monthnum) $where .= " AND MONTH(post_date) = " . intval($monthnum);
-    if ($day) $where .= " AND DAYOFMONTH(post_date) = " . intval($day);
+    if ($year) $where .= " AND YEAR(post_date) = '" . intval($year) . "'";
+    if ($monthnum) $where .= " AND MONTH(post_date) = '" . intval($monthnum) . "'";
+    if ($day) $where .= " AND DAYOFMONTH(post_date) = '" . intval($day) . "'";
     if ($postname) $where .= " AND post_name = '" . $wpdb->escape($postname) . "' ";
 
@@ -585 +585 @@
     global $post, $tableusers, $tablecategories, $tableposts, $tablecomments, $wpdb;
 
-    $post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = $postid");
+    $post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = '$postid'");
     
     $postdata = array (
@@ -630 +630 @@
     global $postc,$id,$commentdata,$tablecomments, $wpdb;
     if ($no_cache) {
-        $query = "SELECT * FROM $tablecomments WHERE comment_ID = $comment_ID";
+        $query = "SELECT * FROM $tablecomments WHERE comment_ID = '$comment_ID'";
         if (false == $include_unapproved) {
             $query .= " AND comment_approved = '1'";
@@ -681 +681 @@
             SELECT category_id 
             FROM  $tablecategories, $tablepost2cat 
-            WHERE $tablepost2cat.category_id = cat_ID AND $tablepost2cat.post_id = $post->ID
+            WHERE $tablepost2cat.category_id = cat_ID AND $tablepost2cat.post_id = '$post->ID'
             ");
     } else {
@@ -938 +938 @@
     @fclose($fs);
 
-    $wpdb->query("UPDATE $tableposts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = $ID");
-    $wpdb->query("UPDATE $tableposts SET to_ping = REPLACE(to_ping, '$tb_url', '') WHERE ID = $ID");
+    $wpdb->query("UPDATE $tableposts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
+    $wpdb->query("UPDATE $tableposts SET to_ping = REPLACE(to_ping, '$tb_url', '') WHERE ID = '$ID'");
     return $result;
 }