Index: wp-admin/import/dotclear.php
===================================================================
--- wp-admin/import/dotclear.php	(revision 7627)
+++ wp-admin/import/dotclear.php	(working copy)
@@ -13,7 +13,7 @@
 	function get_comment_count($post_ID)
 	{
 		global $wpdb;
-		return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+		return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 	}
 }
 
@@ -22,7 +22,7 @@
 	function link_exists($linkname)
 	{
 		global $wpdb;
-		return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+		return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
 	}
 }
 
Index: wp-admin/import/blogger.php
===================================================================
--- wp-admin/import/blogger.php	(revision 7627)
+++ wp-admin/import/blogger.php	(working copy)
@@ -641,7 +641,7 @@
 		$host = $this->blogs[$importing_blog]['host'];
 
 		// Get an array of posts => authors
-		$post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
+		$post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
 		$post_ids = join( ',', $post_ids );
 		$results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
 		foreach ( $results as $row )
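Review bot: The unchanged query two lines below the new prepare() still splices `$post_ids` into `post_id IN ($post_ids)` as raw text, and when get_col() returns no rows the join yields an empty string, so the statement becomes `IN ()` and fails with a syntax error. The ids come from the postmeta table rather than from the request, so this is mainly a robustness gap, but a guard before the second query plus normalising the list would close it: `if ( empty( $post_ids ) ) { /* nothing to map for this host */ }` and `$post_ids = join( ',', array_map( 'intval', $post_ids ) );`. The same pattern recurs in the next hunk of this file, where the keys of `$authors_posts` are joined into `WHERE id IN ($post_ids)` on the UPDATE without an empty-list check. The enclosing method begins before this hunk, so what an early return should yield is not visible here.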
@@ -658,7 +658,7 @@
 			$post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
 			$post_ids = join( ',', $post_ids);
 
-			$wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
+			$wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
 			$this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
 		}
 		$this->save_vars();
Index: wp-admin/import/textpattern.php
===================================================================
--- wp-admin/import/textpattern.php	(revision 7627)
+++ wp-admin/import/textpattern.php	(working copy)
@@ -8,7 +8,7 @@
 	function get_comment_count($post_ID)
 	{
 		global $wpdb;
-		return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+		return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
 	}
 }
 
@@ -17,7 +17,7 @@
 	function link_exists($linkname)
 	{
 		global $wpdb;
-		return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+		return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
 	}
 }
 
