WordPress.org

Make WordPress Core

Changeset 9259


Ignore:
Timestamp:
10/20/08 21:55:37 (6 years ago)
Author:
ryan
Message:

Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/post.php

    r9252 r9259  
    22822282 
    22832283    // expected_slashed ($post_name) 
    2284     $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID)); 
     2284    $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID)); 
    22852285 
    22862286    if ($post_name_check) { 
     
    22892289            $alt_post_name = $post_name . "-$suffix"; 
    22902290            // expected_slashed ($alt_post_name, $post_name) 
    2291             $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent)); 
     2291            $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent)); 
    22922292            $suffix++; 
    22932293        } 
Note: See TracChangeset for help on using the changeset viewer.