

Timestamp:
10/20/2008 09:55:37 PM (16 years ago)
Author:
ryan
Message:

Use prepare() in wp_insert_attachment(). Props dwc. fixes #7933

File:
1 edited

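--- a/trunk/wp-includes/post.php
+++ b/trunk/wp-includes/post.php
@@ -2282,5 +2282,5 @@
 
     // expected_slashed ($post_name)
-    $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_ID));
+    $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d LIMIT 1", $post_name, $post_ID));
 
     if ($post_name_check) {
@@ -2289,5 +2289,5 @@
             $alt_post_name = $post_name . "-$suffix";
             // expected_slashed ($alt_post_name, $post_name)
-            $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $post_ID, $post_parent));
+            $post_name_check = $wpdb->get_var( $wpdb->prepare( "SELECT post_name FROM $wpdb->posts WHERE post_name = %s AND post_status = 'inherit' AND ID != %d AND post_parent = %d LIMIT 1", $alt_post_name, $post_ID, $post_parent));
             $suffix++;
         }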
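Review bot: The `// expected_slashed ($post_name)` and `// expected_slashed ($alt_post_name, $post_name)` comments kept above both queries no longer match the new lines: the values are now bound through `%s`, so `prepare()` escapes them itself, and a value that really arrives pre-slashed would be escaped a second time and compared in its escaped form, which could let the uniqueness check miss an existing `post_name`. Whether `$post_name` can still carry a quote or backslash at this point is decided above the hunk and is not visible here. If it can, bind the unslashed value by passing `stripslashes( $post_name )` and `stripslashes( $alt_post_name )` as the `%s` arguments; if it cannot, replace both comments with `// bound via prepare(); value must not be pre-escaped`. The enclosing function starts and ends outside both hunks.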