Make WordPress Core

Opened 6 years ago

Closed 2 years ago

Last modified 2 years ago

#11100 closed defect (bug) (fixed)

delete_post_meta_by_key() is currently broken

Reported by: Viper007Bond Owned by: westi
Milestone: 2.9 Priority: normal
Severity: normal Version: 2.9
Component: Database Keywords: has-patch
Focuses: Cc:


$wpdb->prepare() quotes strings and therefore results in a broken query:

$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN(%s)", implode( ',', $postmetaids) ) );

It results in something like this:

DELETE FROM wp_postmeta WHERE meta_id IN('883,1062,1063,1064,1066,1067,969')

There are likely other places where this is also an issue.

Attachments (1)

11100.patch (754 bytes) - added by Viper007Bond 6 years ago.
Don't use prepare()

Download all attachments as: .zip

Change History (9)

6 years ago

Don't use prepare()

#1 @Viper007Bond
6 years ago

Props to DD32 by the way for pointing out to me what was going wrong.

#2 @westi
6 years ago

  • Owner changed from ryan to westi
  • Status changed from new to accepted

I have added some testcases to wordpress-tests to catch this error.

I would prefer to keep the call to prepare here for consistency sake.

Going to commit an alternative fix which works for my local tests please re-open if there are still issues.

#3 @westi
6 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [12156]) Fix delete_post_meta_by_key() so that you can delete postmeta items by key again. Fixes #11100.

#4 @Denis-de-Bernardy
6 years ago

  • Milestone changed from Unassigned to 2.9
  • Version set to 2.9

#5 @Ninos Ego
2 years ago

I found this ticket after I searched for a solution with escaping in IN operators. I think the solution in [12156] is very nice. But if you have nothing in your array, you get a Database error. So here's my solution :)

$in = count($postmetaids) ? implode( ',', array_fill(1, count($postmetaids), '%d')) : 'NULL';
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id IN($in)", $postmetaids )); 

#6 @Ninos Ego
2 years ago

  • Cc me@… added
  • Resolution fixed deleted
  • Severity changed from normal to trivial
  • Status changed from closed to reopened

#7 @ocean90
2 years ago

  • Resolution set to fixed
  • Severity changed from trivial to normal
  • Status changed from reopened to closed

This ticket was closed on a completed milestone. Please open a new one.

Note: See TracTickets for help on using tickets.