Revert partial prepare() implementation. Needs to be all or nothing. Props xknown. fixes #5145

git-svn-id: https://develop.svn.wordpress.org/trunk@6216 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-10-09 23:16:35 +00:00
parent 5b7fffb348
commit b467f930fd

View File

@ -710,7 +710,6 @@ function wp_insert_post($postarr = array()) {
if ($update) { if ($update) {
// expected_slashed (everything!) // expected_slashed (everything!)
$wpdb->query( $wpdb->query(
$wpdb->prepare(
"UPDATE IGNORE $wpdb->posts SET "UPDATE IGNORE $wpdb->posts SET
post_author = '$post_author', post_author = '$post_author',
post_date = '$post_date', post_date = '$post_date',
@ -729,18 +728,16 @@ function wp_insert_post($postarr = array()) {
pinged = '$pinged', pinged = '$pinged',
post_modified = '".current_time('mysql')."', post_modified = '".current_time('mysql')."',
post_modified_gmt = '".current_time('mysql',1)."', post_modified_gmt = '".current_time('mysql',1)."',
post_parent = %d, post_parent = '$post_parent',
menu_order = '$menu_order' menu_order = '$menu_order'
WHERE ID = %d" WHERE ID = $post_ID");
, $post_parent, $post_ID ));
} else { } else {
// expected_slashed (everything!) // expected_slashed (everything!)
$wpdb->query( $wpdb->query(
$wpdb->prepare(
"INSERT IGNORE INTO $wpdb->posts "INSERT IGNORE INTO $wpdb->posts
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type) (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type)
VALUES VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type')", $post_parent)); ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type')");
$post_ID = (int) $wpdb->insert_id; $post_ID = (int) $wpdb->insert_id;
} }
@ -1374,7 +1371,6 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
if ($update) { if ($update) {
// expected_slashed (everything!) // expected_slashed (everything!)
$wpdb->query( $wpdb->query(
$wpdb->prepare(
"UPDATE $wpdb->posts SET "UPDATE $wpdb->posts SET
post_author = '$post_author', post_author = '$post_author',
post_date = '$post_date', post_date = '$post_date',
@ -1393,19 +1389,18 @@ function wp_insert_attachment($object, $file = false, $parent = 0) {
pinged = '$pinged', pinged = '$pinged',
post_modified = '".current_time('mysql')."', post_modified = '".current_time('mysql')."',
post_modified_gmt = '".current_time('mysql',1)."', post_modified_gmt = '".current_time('mysql',1)."',
post_parent = %d, post_parent = '$post_parent',
menu_order = '$menu_order', menu_order = '$menu_order',
post_mime_type = '$post_mime_type', post_mime_type = '$post_mime_type',
guid = '$guid' guid = '$guid'
WHERE ID = %d", $post_parent, $post_ID)); WHERE ID = $post_ID");
} else { } else {
// expected_slashed (everything!) // expected_slashed (everything!)
$wpdb->query( $wpdb->query(
$wpdb->prepare(
"INSERT INTO $wpdb->posts "INSERT INTO $wpdb->posts
(post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid) (post_author, post_date, post_date_gmt, post_content, post_content_filtered, post_title, post_excerpt, post_status, post_type, comment_status, ping_status, post_password, post_name, to_ping, pinged, post_modified, post_modified_gmt, post_parent, menu_order, post_mime_type, guid)
VALUES VALUES
('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', %d, '$menu_order', '$post_mime_type', '$guid')", $post_parent )); ('$post_author', '$post_date', '$post_date_gmt', '$post_content', '$post_content_filtered', '$post_title', '$post_excerpt', '$post_status', '$post_type', '$comment_status', '$ping_status', '$post_password', '$post_name', '$to_ping', '$pinged', '$post_date', '$post_date_gmt', '$post_parent', '$menu_order', '$post_mime_type', '$guid')");
$post_ID = (int) $wpdb->insert_id; $post_ID = (int) $wpdb->insert_id;
} }