Opened 5 years ago

Closed 23 months ago

Last modified 22 months ago

#11100 closed defect (bug) (fixed)

delete_post_meta_by_key() is currently broken

Reported by: Viper007Bond
Owned by: westi
Milestone: 2.9
Priority: normal
Severity: normal
Version: 2.9
Component: Database
Keywords: has-patch
Focuses:
Cc:

Description

$wpdb->prepare() quotes strings and therefore results in a broken query:

$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $postmetaids) ) );

It results in something like this:

DELETE FROM wp_postmeta WHERE meta_id IN('883,1062,1063,1064,1066,1067,969')

There are likely other places where this is also an issue.

Attachments (1)

11100.patch (754 bytes) - added by Viper007Bond 5 years ago.
Don't use prepare()

Change History (9)

@Viper007Bond 5 years ago

Don't use prepare()

comment:1 @Viper007Bond 5 years ago

Props to DD32 by the way for pointing out to me what was going wrong.

comment:2 @westi 5 years ago

  • Owner changed from ryan to westi
  • Status changed from new to accepted

I have added some test cases to wordpress-tests to catch this error.

I would prefer to keep the call to prepare here for consistency's sake.

Going to commit an alternative fix which works for my local tests; please re-open if there are still issues.

comment:3 @westi 5 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [12156]) Fix delete_post_meta_by_key() so that you can delete postmeta items by key again. Fixes #11100.

comment:4 @Denis-de-Bernardy 5 years ago

  • Milestone changed from Unassigned to 2.9
  • Version set to 2.9

comment:5 @Ninos Ego 23 months ago

I found this ticket after I searched for a solution with escaping in IN operators. I think the solution in [12156] is very nice. But if you have nothing in your array, you get a database error. So here's my solution :)

$in = count($postmetaids) ? implode( ',', array_fill(1, count($postmetaids), '%d')) : 'NULL';
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN($in)", $postmetaids )); 
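
The two points raised in this ticket (a single %s quoting the whole ID list, and the empty-array case from comment 5), shown as an added example that is not code from the ticket or from WordPress core. StubWpdb is a hypothetical stand-in that imitates only prepare()'s quoting of %s and integer cast of %d so the snippet runs without WordPress; build_delete_by_ids() is an assumed helper name and the sample IDs are constructed.

```php
<?php
// Added example. StubWpdb is a hypothetical stand-in, not the real wpdb class:
// it mimics only the behaviour discussed here (%s gets quoted, %d casts to int).
class StubWpdb {
    public $postmeta = 'wp_postmeta';

    public function prepare( $query, array $args ) {
        // Wrap every bare %s in quotes; %d is left to vsprintf's integer cast.
        $query = preg_replace( '/(?<!%)%s/', "'%s'", $query );
        $args  = array_map( 'addslashes', $args );
        return vsprintf( $query, $args );
    }
}

/**
 * Build the DELETE for a list of meta IDs.
 * Returns null when no usable ID is left, so the caller skips the query.
 */
function build_delete_by_ids( StubWpdb $wpdb, array $postmetaids ) {
    // Normalize: integers only, positive, no duplicates.
    $ids = array_map( 'intval', $postmetaids );
    $ids = array_values( array_unique( array_filter( $ids, function ( $id ) {
        return $id > 0;
    } ) ) );
    if ( ! $ids ) {
        return null; // Empty list: never emit "IN()".
    }
    // One %d per element, so prepare() receives N integers, not one string.
    $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
    return $wpdb->prepare(
        "DELETE FROM $wpdb->postmeta WHERE meta_id IN($placeholders)",
        $ids
    );
}

$wpdb = new StubWpdb();

// Form from the ticket description: the joined list is bound to one %s.
$joined = implode( ',', array( 883, 1062, 1063 ) );
echo $wpdb->prepare( "DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", array( $joined ) ), "\n";

// Per-element placeholders with constructed mixed int/string input.
echo build_delete_by_ids( $wpdb, array( 883, '1062', 1063, 883 ) ), "\n";

// Constructed non-numeric input: intval() keeps only the leading digits.
echo build_delete_by_ids( $wpdb, array( '1066 junk' ) ), "\n";

// Empty array, the case from comment 5: no query string is produced.
var_dump( build_delete_by_ids( $wpdb, array() ) );
```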

comment:6 @Ninos Ego 23 months ago

  • Cc me@… added
  • Resolution fixed deleted
  • Severity changed from normal to trivial
  • Status changed from closed to reopened

comment:7 @ocean90 23 months ago

  • Resolution set to fixed
  • Severity changed from trivial to normal
  • Status changed from reopened to closed

This ticket was closed on a completed milestone. Please open a new one.