Ticket #6644: prepared_queries1.diff

File prepared_queries1.diff, 2.7 kB (added by filosofo, 8 months ago)
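--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -11,7 +11,7 @@
 
 $comment_post_ID = (int) $_POST['comment_post_ID'];
 
-$status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
+$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 
 if ( empty($status->comment_status) ) {
         do_action('comment_id_not_found', $comment_post_ID);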
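Review bot: The `(int)` cast on line 12 and the `%d` placeholder on the new line 14 now sanitize the same value twice, which is fine as defense in depth but deserves a comment so a later cleanup does not drop the cast, since the cast is what guarantees `$comment_post_ID` is an integer for the `do_action('comment_id_not_found', $comment_post_ID)` call on line 17 and anything that follows it; suggest `// already cast to int on line 12; %d is belt-and-braces` on the new line. A missing or non-numeric `comment_post_ID` becomes 0, queries `ID = 0`, and lands in the `comment_id_not_found` branch, which looks intended but is worth stating in that comment. The `$_POST['comment_post_ID']` read on line 12 has no `isset()` guard and will raise a notice when the field is absent; that is pre-existing, not introduced by this patch.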
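--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -749,7 +749,7 @@
         }
 
         if ( !empty($taxonomy) )
-                return $wpdb->get_row("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = '$taxonomy'", ARRAY_A);
+                return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $taxonomy), ARRAY_A);
 
         return $wpdb->get_var("SELECT term_id FROM $wpdb->terms as t WHERE $where");
 }
@@ -888,8 +888,7 @@
         if ( $ignore_empty )
                 $where = 'AND count > 0';
 
-        $taxonomy = $wpdb->escape( $taxonomy );
-        return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = '$taxonomy' $where");
+        return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
 }
 
 /**
@@ -918,7 +917,7 @@
         foreach ( $taxonomies as $taxonomy ) {
                 $terms = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
                 $in_terms = "'" . implode("', '", $terms) . "'";
-                $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_terms)");
+                $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_terms)", $object_id) );
                 wp_update_term_count($terms, $taxonomy);
         }
 }
@@ -1293,7 +1292,7 @@
                 $delete_terms = array_diff($old_terms, $tt_ids);
                 if ( $delete_terms ) {
                         $in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
-                        $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_delete_terms)");
+                        $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
                         wp_update_term_count($delete_terms, $taxonomy);
                 }
         }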
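Review bot: In the last two hunks the `IN (...)` list is still spliced as raw text into the string handed to `prepare()`, so only `object_id` is actually parameterized; `$in_terms` and `$in_delete_terms` are built by `implode` from `$terms` and `$delete_terms` without any cast. Those values come from `wp_get_object_terms(... 'fields=tt_ids')` and `array_diff($old_terms, $tt_ids)`, i.e. database-sourced IDs rather than the request, so the practical risk is low, but the patch's stated intent is not fully met and a non-numeric value or a stray `%` in that list would be read by `prepare()` as part of the format string. Casting where the list is built closes that: `$in_terms = "'" . implode("', '", array_map('intval', $terms)) . "'";` and likewise `$in_delete_terms = "'" . implode("', '", array_map('intval', $delete_terms)) . "'";`. The same caveat applies to `$where` in the first two hunks, since it is concatenated into the format string and must never carry a literal `%`; in hunk 2 it is a fixed string (`'AND count > 0'`), but in hunk 1 it is built above the hunk and I cannot confirm that from here. Every enclosing function starts above its hunk, and the one around the last hunk also ends below it.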