diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 13a869e840..ca74f41acd 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -15,7 +15,7 @@ if ( isset($_GET['action']) && 'ajax-tag-search' == $_GET['action'] ) {
if ( strstr( $s, ',' ) )
die; // it's a multiple tag insert, we won't find anything
- $results = $wpdb->get_col( "SELECT name FROM $wpdb->terms WHERE name LIKE ('%$s%')" );
+ $results = $wpdb->get_col( $wpdb->prepare("SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", '%' . $s . '%') );
echo join( $results, "\n" );
die;
}
diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index bc62681bc4..8ed4df5691 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -12,8 +12,7 @@ if ( !empty( $_REQUEST['delete_comments'] ) ) {
$comments_deleted = $comments_approved = $comments_unapproved = $comments_spammed = 0;
foreach ($_REQUEST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment;
- $post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
- // $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
+ $post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment) );
if ( !current_user_can('edit_post', $post_id) )
continue;
if ( !empty( $_REQUEST['spamit'] ) ) {
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index ee4bee2c26..a2b0181b4d 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -175,7 +175,7 @@ if ($posts) {
if ( 1 == count($posts) && is_singular() ) :
- $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
if ( $comments ) :
// Make sure comments, post, and post_author are cached
update_comment_cache($comments);
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index b7cdcf45b5..ab9b3ea759 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -205,7 +205,7 @@ if ( $page_links )
if ( 1 == count($posts) && is_singular() ) :
- $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
if ( $comments ) :
// Make sure comments, post, and post_author are cached
update_comment_cache($comments);
diff --git a/wp-admin/import/blogger.php b/wp-admin/import/blogger.php
index 17b6083057..a24c685357 100644
--- a/wp-admin/import/blogger.php
+++ b/wp-admin/import/blogger.php
@@ -641,7 +641,7 @@ class Blogger_Import {
$host = $this->blogs[$importing_blog]['host'];
// Get an array of posts => authors
- $post_ids = (array) $wpdb->get_col("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = '$host'");
+ $post_ids = (array) $wpdb->get_col( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_key = 'blogger_blog' AND meta_value = %s", $host) );
$post_ids = join( ',', $post_ids );
$results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
foreach ( $results as $row )
@@ -658,7 +658,7 @@ class Blogger_Import {
$post_ids = (array) array_keys( $authors_posts, $this->blogs[$importing_blog]['authors'][$author][0] );
$post_ids = join( ',', $post_ids);
- $wpdb->query("UPDATE $wpdb->posts SET post_author = $user_id WHERE id IN ($post_ids)");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE id IN ($post_ids)", $user_id) );
$this->blogs[$importing_blog]['authors'][$author][1] = $user_id;
}
$this->save_vars();
diff --git a/wp-admin/import/dotclear.php b/wp-admin/import/dotclear.php
index 16df934ffe..da1047ffb2 100644
--- a/wp-admin/import/dotclear.php
+++ b/wp-admin/import/dotclear.php
@@ -13,7 +13,7 @@ if(!function_exists('get_comment_count'))
function get_comment_count($post_ID)
{
global $wpdb;
- return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+ return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
}
}
@@ -22,7 +22,7 @@ if(!function_exists('link_exists'))
function link_exists($linkname)
{
global $wpdb;
- return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$linkname.'"');
+ return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
}
}
diff --git a/wp-admin/import/textpattern.php b/wp-admin/import/textpattern.php
index 1c10015f04..c3fb1d78c0 100644
--- a/wp-admin/import/textpattern.php
+++ b/wp-admin/import/textpattern.php
@@ -8,7 +8,7 @@ if(!function_exists('get_comment_count'))
function get_comment_count($post_ID)
{
global $wpdb;
- return $wpdb->get_var('SELECT count(*) FROM '.$wpdb->comments.' WHERE comment_post_ID = '.$post_ID);
+ return $wpdb->get_var( $wpdb->prepare("SELECT count(*) FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
}
}
@@ -17,7 +17,7 @@ if(!function_exists('link_exists'))
function link_exists($linkname)
{
global $wpdb;
- return $wpdb->get_var('SELECT link_id FROM '.$wpdb->links.' WHERE link_name = "'.$wpdb->escape($linkname).'"');
+ return $wpdb->get_var( $wpdb->prepare("SELECT link_id FROM $wpdb->links WHERE link_name = %s", $linkname) );
}
}
diff --git a/wp-admin/import/wp-cat2tag.php b/wp-admin/import/wp-cat2tag.php
index 0f271cecaf..fc54c6149b 100644
--- a/wp-admin/import/wp-cat2tag.php
+++ b/wp-admin/import/wp-cat2tag.php
@@ -164,12 +164,12 @@ function check_all_rows() {
$id = $id['term_taxonomy_id'];
$posts = get_objects_in_term($category->term_id, 'category');
foreach ( $posts as $post ) {
- if ( !$wpdb->get_var("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = '$post' AND term_taxonomy_id = '$id'") )
- $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post', '$id')");
+ if ( !$wpdb->get_var( $wpdb->prepare("SELECT object_id FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id = %d", $post, $id) ) )
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES (%d, %d)", $post, $id) );
clean_post_cache($post);
}
} else {
- $tt_ids = $wpdb->get_col("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+ $tt_ids = $wpdb->get_col( $wpdb->prepare("SELECT term_taxonomy_id FROM $wpdb->term_taxonomy WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
if ( $tt_ids ) {
$posts = $wpdb->get_col("SELECT object_id FROM $wpdb->term_relationships WHERE term_taxonomy_id IN (" . join(',', $tt_ids) . ") GROUP BY object_id");
foreach ( (array) $posts as $post )
@@ -177,14 +177,14 @@ function check_all_rows() {
}
// Change the category to a tag.
- $wpdb->query("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = '{$category->term_id}' AND taxonomy = 'category'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET taxonomy = 'post_tag' WHERE term_id = %d AND taxonomy = 'category'", $category->term_id) );
- $terms = $wpdb->get_col("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+ $terms = $wpdb->get_col( $wpdb->prepare("SELECT term_id FROM $wpdb->term_taxonomy WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
foreach ( (array) $terms as $term )
clean_category_cache($term);
// Set all parents to 0 (root-level) if their parent was the converted tag
- $wpdb->query("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = '{$category->term_id}' AND taxonomy = 'category'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET parent = 0 WHERE parent = %d AND taxonomy = 'category'", $category->term_id) );
}
// Clean the cache
clean_category_cache($category->term_id);
diff --git a/wp-admin/includes/bookmark.php b/wp-admin/includes/bookmark.php
index 908d6b86b3..c0bb354576 100644
--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -47,7 +47,7 @@ function wp_delete_link($link_id) {
wp_delete_object_term_relationships($link_id, 'link_category');
- $wpdb->query("DELETE FROM $wpdb->links WHERE link_id = '$link_id'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_id = %d", $link_id) );
do_action('deleted_link', $link_id);
@@ -119,15 +119,14 @@ function wp_insert_link($linkdata) {
}
if ( $update ) {
- $wpdb->query("UPDATE $wpdb->links SET link_url='$link_url',
- link_name='$link_name', link_image='$link_image',
- link_target='$link_target',
- link_visible='$link_visible', link_description='$link_description',
- link_rating='$link_rating', link_rel='$link_rel',
- link_notes='$link_notes', link_rss = '$link_rss'
- WHERE link_id='$link_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_url = %s,
+ link_name = %s, link_image = %s, link_target = %s,
+ link_visible = %s, link_description = %s, link_rating = %s,
+ link_rel = %s, link_notes = %s, link_rss = %s
+ WHERE link_id = %s", $link_url, $link_name, $link_image, $link_target, $link_visible, $link_description, $link_rating, $link_rel, $link_notes, $link_rss, $link_id) );
} else {
- $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES('$link_url','$link_name', '$link_image', '$link_target', '$link_description', '$link_visible', '$link_owner', '$link_rating', '$link_rel', '$link_notes', '$link_rss')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->links (link_url, link_name, link_image, link_target, link_description, link_visible, link_owner, link_rating, link_rel, link_notes, link_rss) VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
+ $link_url,$link_name, $link_image, $link_target, $link_description, $link_visible, $link_owner, $link_rating, $link_rel, $link_notes, $link_rss) );
$link_id = (int) $wpdb->insert_id;
}
diff --git a/wp-admin/includes/comment.php b/wp-admin/includes/comment.php
index 72ebcd23e3..f29d5ec0f4 100644
--- a/wp-admin/includes/comment.php
+++ b/wp-admin/includes/comment.php
@@ -3,8 +3,8 @@
function comment_exists($comment_author, $comment_date) {
global $wpdb;
- return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments
- WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'");
+ return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
+ WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
}
function edit_comment() {
@@ -67,7 +67,7 @@ function get_comment_to_edit( $id ) {
function get_pending_comments_num( $post_id ) {
global $wpdb;
$post_id = (int) $post_id;
- $pending = $wpdb->get_var( "SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '0'" );
+ $pending = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '0'", $post_id) );
return $pending;
}
diff --git a/wp-admin/includes/export.php b/wp-admin/includes/export.php
index 96239af921..ac83597506 100644
--- a/wp-admin/includes/export.php
+++ b/wp-admin/includes/export.php
@@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
$where = '';
if ( $author and $author != 'all' ) {
$author_id = (int) $author;
- $where = " WHERE post_author = '$author_id' ";
+ $where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);
}
// grab a snapshot of post IDs, just in case it changes during the export
@@ -217,7 +217,7 @@ if ($post->post_type == 'attachment') { ?>
ID); ?>
get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
+$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
if ( $postmeta ) {
?>
@@ -228,7 +228,7 @@ if ( $postmeta ) {
get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID");
+$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
if ( $comments ) { foreach ( $comments as $c ) { ?>
comment_ID; ?>
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index aa1e833bbb..99542fa8cf 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -194,13 +194,13 @@ function post_exists($title, $content = '', $post_date = '') {
global $wpdb;
if (!empty ($post_date))
- $post_date = "AND post_date = '$post_date'";
+ $post_date = $wpdb->prepare("AND post_date = %s", $post_date);
if (!empty ($title))
- return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title = %s $post_date", $title) );
else
if (!empty ($content))
- return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
+ return $wpdb->get_var( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_content = %s $post_date", $content) );
return 0;
}
@@ -380,11 +380,9 @@ function add_meta( $post_ID ) {
wp_cache_delete($post_ID, 'post_meta');
- $wpdb->query( "
- INSERT INTO $wpdb->postmeta
- (post_id,meta_key,meta_value )
- VALUES ('$post_ID','$metakey','$metavalue' )
- " );
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->postmeta
+ (post_id,meta_key,meta_value ) VALUES (%s, %s, %s)",
+ $post_ID, $metakey, $metavalue) );
return $wpdb->insert_id;
}
return false;
@@ -394,10 +392,10 @@ function delete_meta( $mid ) {
global $wpdb;
$mid = (int) $mid;
- $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+ $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
wp_cache_delete($post_id, 'post_meta');
- return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+ return $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
}
// Get a list of previously defined keys
@@ -417,7 +415,7 @@ function get_post_meta_by_id( $mid ) {
global $wpdb;
$mid = (int) $mid;
- $meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
+ $meta = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
if ( is_serialized_string( $meta->meta_value ) )
$meta->meta_value = maybe_unserialize( $meta->meta_value );
return $meta;
@@ -427,11 +425,9 @@ function get_post_meta_by_id( $mid ) {
function has_meta( $postid ) {
global $wpdb;
- return $wpdb->get_results( "
- SELECT meta_key, meta_value, meta_id, post_id
- FROM $wpdb->postmeta
- WHERE post_id = '$postid'
- ORDER BY meta_key,meta_id", ARRAY_A );
+ return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
+ FROM $wpdb->postmeta WHERE post_id = %d
+ ORDER BY meta_key,meta_id", $postid), ARRAY_A );
}
@@ -443,13 +439,13 @@ function update_meta( $mid, $mkey, $mvalue ) {
if ( in_array($mkey, $protected) )
return false;
- $post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+ $post_id = $wpdb->get_var( $wpdb->prepare("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = %d", $mid) );
wp_cache_delete($post_id, 'post_meta');
$mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid;
- return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
+ return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->postmeta SET meta_key = %s, meta_value = %s WHERE meta_id = %d", $mkey, $mvalue, $mid) );
}
//
@@ -502,7 +498,7 @@ function _relocate_children( $old_ID, $new_ID ) {
global $wpdb;
$old_ID = (int) $old_ID;
$new_ID = (int) $new_ID;
- return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
+ return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
}
function get_available_post_statuses($type = 'post') {
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 205dac1656..1bc776339e 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -892,7 +892,7 @@ function page_template_dropdown( $default = '' ) {
function parent_dropdown( $default = 0, $parent = 0, $level = 0 ) {
global $wpdb, $post_ID;
- $items = $wpdb->get_results( "SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = $parent AND post_type = 'page' ORDER BY menu_order" );
+ $items = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_parent, post_title FROM $wpdb->posts WHERE post_parent = %d AND post_type = 'page' ORDER BY menu_order", $parent) );
if ( $items ) {
foreach ( $items as $item ) {
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index f07ae05955..f59dbea7fd 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -218,7 +218,7 @@ function upgrade_100() {
foreach($posts as $post) {
if ('' == $post->post_name) {
$newtitle = sanitize_title($post->post_title);
- $wpdb->query("UPDATE $wpdb->posts SET post_name = '$newtitle' WHERE ID = '$post->ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_name = %s WHERE ID = %d", $newtitle, $post->ID) );
}
}
}
@@ -227,7 +227,7 @@ function upgrade_100() {
foreach ($categories as $category) {
if ('' == $category->category_nicename) {
$newtitle = sanitize_title($category->cat_name);
- $wpdb->query("UPDATE $wpdb->categories SET category_nicename = '$newtitle' WHERE cat_ID = '$category->cat_ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
}
}
@@ -250,14 +250,12 @@ function upgrade_100() {
if ($allposts) :
foreach ($allposts as $post) {
// Check to see if it's already been imported
- $cat = $wpdb->get_row("SELECT * FROM $wpdb->post2cat WHERE post_id = $post->ID AND category_id = $post->post_category");
+ $cat = $wpdb->get_row( $wpdb->("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) );
if (!$cat && 0 != $post->post_category) { // If there's no result
- $wpdb->query("
- INSERT INTO $wpdb->post2cat
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
(post_id, category_id)
- VALUES
- ('$post->ID', '$post->post_category')
- ");
+ VALUES (%s, %s)
+ ", $post->ID, $post->post_category) );
}
}
endif;
@@ -285,7 +283,7 @@ function upgrade_110() {
foreach ($users as $user) {
if ('' == $user->user_nicename) {
$newname = sanitize_title($user->user_nickname);
- $wpdb->query("UPDATE $wpdb->users SET user_nicename = '$newname' WHERE ID = '$user->ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
}
}
@@ -401,7 +399,7 @@ function upgrade_130() {
foreach ( $options as $option ) {
if ( 1 != $option->dupes ) { // Could this be done in the query?
$limit = $option->dupes - 1;
- $dupe_ids = $wpdb->get_col("SELECT option_id FROM $wpdb->options WHERE option_name = '$option->option_name' LIMIT $limit");
+ $dupe_ids = $wpdb->get_col( $wpdb->prepare("SELECT option_id FROM $wpdb->options WHERE option_name = %s LIMIT %d", $option->option_name, $limit) );
$dupe_ids = join($dupe_ids, ',');
$wpdb->query("DELETE FROM $wpdb->options WHERE option_id IN ($dupe_ids)");
}
@@ -445,8 +443,7 @@ function upgrade_160() {
if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
if (!$idmode) $id = $user->user_nickname;
- $id = $wpdb->escape( $id );
- $wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
endif;
// FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set.
@@ -468,7 +465,7 @@ function upgrade_160() {
$comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
if( is_array( $comments ) ) {
foreach ($comments as $comment) {
- $wpdb->query( "UPDATE $wpdb->posts SET comment_count = $comment->c WHERE ID = '$comment->comment_post_ID'" );
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
}
}
@@ -477,10 +474,10 @@ function upgrade_160() {
if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) {
$objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'");
foreach ($objects as $object) {
- $wpdb->query("UPDATE $wpdb->posts SET post_status = 'attachment',
- post_mime_type = '$object->post_type',
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
+ post_mime_type = %s,
post_type = ''
- WHERE ID = $object->ID");
+ WHERE ID = %d", $object->post_type, $object->ID) );
$meta = get_post_meta($object->ID, 'imagedata', true);
if ( ! empty($meta['file']) )
@@ -508,7 +505,7 @@ function upgrade_210() {
$type = 'attachment';
}
- $wpdb->query("UPDATE $wpdb->posts SET post_status = '$status', post_type = '$type' WHERE ID = '$post->ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = %s, post_type = %s WHERE ID = %d", $status, $type, $post->ID) );
}
}
@@ -541,45 +538,42 @@ function upgrade_230() {
$categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_ID");
foreach ($categories as $category) {
$term_id = (int) $category->cat_ID;
- $name = $wpdb->escape($category->cat_name);
- $description = $wpdb->escape($category->category_description);
- $slug = $wpdb->escape($category->category_nicename);
- $parent = $wpdb->escape($category->category_parent);
$term_group = 0;
// Associate terms with the same slug in a term group and make slugs unique.
- if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+ if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
$term_group = $exists[0]->term_group;
$id = $exists[0]->term_id;
$num = 2;
do {
$alt_slug = $slug . "-$num";
$num++;
- $slug_check = $wpdb->get_var("SELECT slug FROM $wpdb->terms WHERE slug = '$alt_slug'");
+ $slug_check = $wpdb->get_var( $wpdb->prepare("SELECT slug FROM $wpdb->terms WHERE slug = %s", $alt_slug) );
} while ( $slug_check );
$slug = $alt_slug;
if ( empty( $term_group ) ) {
$term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms GROUP BY term_group") + 1;
- $wpdb->query("UPDATE $wpdb->terms SET term_group = '$term_group' WHERE term_id = '$id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $id) );
}
}
- $wpdb->query("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES ('$term_id', '$name', '$slug', '$term_group')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (term_id, name, slug, term_group) VALUES
+ (%d, %s, %s, %d)", $term_id, $name, $slug, $term_group) );
$count = 0;
if ( !empty($category->category_count) ) {
$count = (int) $category->category_count;
$taxonomy = 'category';
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
}
if ( !empty($category->link_count) ) {
$count = (int) $category->link_count;
$taxonomy = 'link_category';
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
}
@@ -587,14 +581,14 @@ function upgrade_230() {
$have_tags = true;
$count = (int) $category->tag_count;
$taxonomy = 'post_tag';
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
}
if ( empty($count) ) {
$count = 0;
$taxonomy = 'category';
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', '$taxonomy', '$description', '$parent', '$count')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
$tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id;
}
}
@@ -614,7 +608,7 @@ function upgrade_230() {
if ( empty($tt_id) )
continue;
- $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$post_id', '$tt_id')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
}
// < 3570 we used linkcategories. >= 3570 we used categories and link2cat.
@@ -633,20 +627,20 @@ function upgrade_230() {
$term_group = 0;
// Associate terms with the same slug in a term group and make slugs unique.
- if ( $exists = $wpdb->get_results("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = '$slug'") ) {
+ if ( $exists = $wpdb->get_results( $wpdb->prepare("SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $slug) ) ) {
$term_group = $exists[0]->term_group;
$term_id = $exists[0]->term_id;
}
if ( empty($term_id) ) {
- $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$name', '$slug', '$term_group')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
$term_id = (int) $wpdb->insert_id;
}
$link_cat_id_map[$cat_id] = $term_id;
$default_link_cat = $term_id;
- $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('$term_id', 'link_category', '', '0', '0')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
$tt_ids[$term_id] = (int) $wpdb->insert_id;
}
@@ -662,7 +656,7 @@ function upgrade_230() {
if ( empty($tt_id) )
continue;
- $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link->link_id', '$tt_id')");
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
}
// Set default to the last category we grabbed during the upgrade loop.
@@ -677,7 +671,7 @@ function upgrade_230() {
if ( empty($tt_id) )
continue;
- $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ('$link_id', '$tt_id')");
+ $wpdb->query("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
}
}
@@ -690,10 +684,10 @@ function upgrade_230() {
$terms = $wpdb->get_results("SELECT term_taxonomy_id, taxonomy FROM $wpdb->term_taxonomy");
foreach ( (array) $terms as $term ) {
if ( ('post_tag' == $term->taxonomy) || ('category' == $term->taxonomy) )
- $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = '$term->term_taxonomy_id'");
+ $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) );
else
- $count = $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
- $wpdb->query("UPDATE $wpdb->term_taxonomy SET count = '$count' WHERE term_taxonomy_id = '$term->term_taxonomy_id'");
+ $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
}
}
@@ -823,7 +817,7 @@ function __get_option($setting) {
return preg_replace( '|/+$|', '', constant( 'WP_SITEURL' ) );
}
- $option = $wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = '$setting'");
+ $option = $wpdb->get_var( $wpdb->prepare("SELECT option_value FROM $wpdb->options WHERE option_name = %s", $setting) );
if ( 'home' == $setting && '' == $option )
return __get_option('siteurl');
diff --git a/wp-admin/includes/user.php b/wp-admin/includes/user.php
index 743c70cbcd..154ba1af33 100644
--- a/wp-admin/includes/user.php
+++ b/wp-admin/includes/user.php
@@ -141,10 +141,7 @@ function edit_user( $user_id = 0 ) {
function get_author_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
-
- $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value != '0'";
-
- return $wpdb->get_col( $query );
+ return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value != '0'", $level_key) );
}
function get_editable_authors( $user_id ) {
@@ -176,7 +173,7 @@ function get_editable_user_ids( $user_id, $exclude_zeros = true ) {
$level_key = $wpdb->prefix . 'user_level';
- $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key'";
+ $query = $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s", $level_key);
if ( $exclude_zeros )
$query .= " AND meta_value != '0'";
@@ -187,9 +184,7 @@ function get_nonauthor_user_ids() {
global $wpdb;
$level_key = $wpdb->prefix . 'user_level';
- $query = "SELECT user_id FROM $wpdb->usermeta WHERE meta_key = '$level_key' AND meta_value = '0'";
-
- return $wpdb->get_col( $query );
+ return $wpdb->get_col( $wpdb->prepare("SELECT user_id FROM $wpdb->usermeta WHERE meta_key = %s AND meta_value = '0'", $level_key) );
}
function get_others_unpublished_posts($user_id, $type='any') {
@@ -208,7 +203,7 @@ function get_others_unpublished_posts($user_id, $type='any') {
$other_unpubs = '';
} else {
$editable = join(',', $editable);
- $other_unpubs = $wpdb->get_results("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != '$user_id' ORDER BY post_modified $dir");
+ $other_unpubs = $wpdb->get_results( $wpdb->prepare("SELECT ID, post_title, post_author FROM $wpdb->posts WHERE post_type = 'post' AND $type_sql AND post_author IN ($editable) AND post_author != %d ORDER BY post_modified $dir", $user_id) );
}
return apply_filters('get_others_drafts', $other_unpubs);
@@ -241,8 +236,7 @@ function get_user_to_edit( $user_id ) {
function get_users_drafts( $user_id ) {
global $wpdb;
- $user_id = (int) $user_id;
- $query = "SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = $user_id ORDER BY post_modified DESC";
+ $query = $wpdb->prepare("SELECT ID, post_title FROM $wpdb->posts WHERE post_type = 'post' AND post_status = 'draft' AND post_author = %d ORDER BY post_modified DESC", $user_id);
$query = apply_filters('get_users_drafts', $query);
return $wpdb->get_results( $query );
}
@@ -253,7 +247,7 @@ function wp_delete_user($id, $reassign = 'novalue') {
$id = (int) $id;
if ($reassign == 'novalue') {
- $post_ids = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_author = $id");
+ $post_ids = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_author = %d", $id) );
if ($post_ids) {
foreach ($post_ids as $post_id)
@@ -261,18 +255,18 @@ function wp_delete_user($id, $reassign = 'novalue') {
}
// Clean links
- $wpdb->query("DELETE FROM $wpdb->links WHERE link_owner = $id");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->links WHERE link_owner = %d", $id) );
} else {
$reassign = (int) $reassign;
- $wpdb->query("UPDATE $wpdb->posts SET post_author = {$reassign} WHERE post_author = {$id}");
- $wpdb->query("UPDATE $wpdb->links SET link_owner = {$reassign} WHERE link_owner = {$id}");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_author = %d WHERE post_author = %d", $reassign, $id) );
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_owner = %d WHERE link_owner = %d}", $reassign, $id) );
}
// FINALLY, delete user
do_action('delete_user', $id);
- $wpdb->query("DELETE FROM $wpdb->users WHERE ID = $id");
- $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$id'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->users WHERE ID = %d", $id) );
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d", $id) );
wp_cache_delete($id, 'users');
wp_cache_delete($user->user_login, 'userlogins');
@@ -323,7 +317,7 @@ class WP_User_Search {
function prepare_query() {
global $wpdb;
$this->first_user = ($this->page - 1) * $this->users_per_page;
- $this->query_limit = ' LIMIT ' . $this->first_user . ',' . $this->users_per_page;
+ $this->query_limit = $wpdb->prepare(" LIMIT %d, %d", $this->first_user, $this->users_per_page);
$this->query_sort = ' ORDER BY user_login';
$search_sql = '';
if ( $this->search_term ) {
@@ -337,7 +331,7 @@ class WP_User_Search {
$this->query_from_where = "FROM $wpdb->users";
if ( $this->role )
- $this->query_from_where .= " INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE '%$this->role%'";
+ $this->query_from_where .= $wpdb->prepare(" INNER JOIN $wpdb->usermeta ON $wpdb->users.ID = $wpdb->usermeta.user_id WHERE $wpdb->usermeta.meta_key = '{$wpdb->prefix}capabilities' AND $wpdb->usermeta.meta_value LIKE %s", '%' . $this->role . '%');
else
$this->query_from_where .= " WHERE 1=1";
$this->query_from_where .= " $search_sql";
diff --git a/wp-admin/update-links.php b/wp-admin/update-links.php
index 6641279815..0f5ef46c06 100644
--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -36,9 +36,9 @@ if ( false !== ( $fs = @fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5)
$returns = explode("\n", $body);
foreach ($returns as $return) :
- $time = $wpdb->escape( substr($return, 0, 19) );
- $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
- $wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
+ $time = substr($return, 0, 19);
+ $uri = preg_replace('/(.*?) | (.*?)/', '$2', $return);
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->links SET link_updated = %s WHERE link_url = %s", $time, $uri) );
endforeach;
}
?>
diff --git a/wp-admin/upload.php b/wp-admin/upload.php
index 0f7412dea5..855e06ea69 100644
--- a/wp-admin/upload.php
+++ b/wp-admin/upload.php
@@ -211,7 +211,7 @@ if ( $page_links )
if ( 1 == count($posts) && is_singular() ) :
- $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $id AND comment_approved != 'spam' ORDER BY comment_date");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved != 'spam' ORDER BY comment_date", $id) );
if ( $comments ) :
// Make sure comments, post, and post_author are cached
update_comment_cache($comments);
diff --git a/wp-comments-post.php b/wp-comments-post.php
index f7d7c4f5c8..bd04e736c1 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -11,7 +11,7 @@ nocache_headers();
$comment_post_ID = (int) $_POST['comment_post_ID'];
-$status = $wpdb->get_row("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = '$comment_post_ID'");
+$status = $wpdb->get_row( $wpdb->prepare("SELECT post_status, comment_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
if ( empty($status->comment_status) ) {
do_action('comment_id_not_found', $comment_post_ID);
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index 94479fbb04..f5eff0a151 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -241,7 +241,7 @@ function get_comment_count( $post_id = 0 ) {
$where = '';
if ( $post_id > 0 ) {
- $where = "WHERE comment_post_ID = {$post_id}";
+ $where = $wpdb->prepare("WHERE comment_post_ID = %d", $post_id);
}
$totals = (array) $wpdb->get_results("
@@ -379,7 +379,7 @@ function check_comment_flood_db( $ip, $email, $date ) {
global $wpdb;
if ( current_user_can( 'manage_options' ) )
return; // don't throttle admins
- if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
+ if ( $lasttime = $wpdb->get_var( $wpdb->prepare("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = %s OR comment_author_email = %s ORDER BY comment_date DESC LIMIT 1", $ip, $email) ) ) {
$time_lastcomment = mysql2date('U', $lasttime);
$time_newcomment = mysql2date('U', $date);
$flood_die = apply_filters('comment_flood_filter', false, $time_lastcomment, $time_newcomment);
@@ -487,7 +487,7 @@ function wp_delete_comment($comment_id) {
$comment = get_comment($comment_id);
- if ( ! $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_ID='$comment_id' LIMIT 1") )
+ if ( ! $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->comments WHERE comment_ID = %d LIMIT 1", $comment_id) ) )
return false;
$post_id = $comment->comment_post_ID;
@@ -585,11 +585,10 @@ function wp_insert_comment($commentdata) {
if ( ! isset($user_id) )
$user_id = 0;
- $result = $wpdb->query("INSERT INTO $wpdb->comments
+ $result = $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->comments
(comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_approved, comment_agent, comment_type, comment_parent, user_id)
- VALUES
- ('$comment_post_ID', '$comment_author', '$comment_author_email', '$comment_author_url', '$comment_author_IP', '$comment_date', '$comment_date_gmt', '$comment_content', '$comment_approved', '$comment_agent', '$comment_type', '$comment_parent', '$user_id')
- ");
+ VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d, %d)",
+ $comment_post_ID, $comment_author, $comment_author_email, $comment_author_url, $comment_author_IP, $comment_date, $comment_date_gmt, $comment_content, $comment_approved, $comment_agent, $comment_type, $comment_parent, $user_id) );
$id = (int) $wpdb->insert_id;
@@ -714,13 +713,13 @@ function wp_set_comment_status($comment_id, $comment_status) {
switch ( $comment_status ) {
case 'hold':
- $query = "UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID='$comment_id' LIMIT 1";
+ $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
break;
case 'approve':
- $query = "UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID='$comment_id' LIMIT 1";
+ $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
break;
case 'spam':
- $query = "UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID='$comment_id' LIMIT 1";
+ $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
break;
case 'delete':
return wp_delete_comment($comment_id);
@@ -774,16 +773,23 @@ function wp_update_comment($commentarr) {
$comment_date_gmt = get_gmt_from_date($comment_date);
- $wpdb->query(
- "UPDATE $wpdb->comments SET
- comment_content = '$comment_content',
- comment_author = '$comment_author',
- comment_author_email = '$comment_author_email',
- comment_approved = '$comment_approved',
- comment_author_url = '$comment_author_url',
- comment_date = '$comment_date',
- comment_date_gmt = '$comment_date_gmt'
- WHERE comment_ID = $comment_ID" );
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->comments SET
+ comment_content = %s,
+ comment_author = %s,
+ comment_author_email = %s,
+ comment_approved = %s,
+ comment_author_url = %s,
+ comment_date = %s,
+ comment_date_gmt = %s
+ WHERE comment_ID = %d",
+ $comment_content,
+ $comment_author,
+ $comment_author_email,
+ $comment_approved,
+ $comment_author_url,
+ $comment_date,
+ $comment_date_gmt
+ $comment_ID) );
$rval = $wpdb->rows_affected;
@@ -879,8 +885,8 @@ function wp_update_comment_count_now($post_id) {
return false;
$old = (int) $post->comment_count;
- $new = (int) $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1'");
- $wpdb->query("UPDATE $wpdb->posts SET comment_count = '$new' WHERE ID = '$post_id'");
+ $new = (int) $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_approved = '1'", $post_id) );
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $new, $post_id) );
if ( 'page' == $post->post_type )
clean_page_cache( $post_id );
@@ -1008,7 +1014,7 @@ function do_all_pings() {
// Do Enclosures
while ($enclosure = $wpdb->get_row("SELECT * FROM {$wpdb->posts}, {$wpdb->postmeta} WHERE {$wpdb->posts}.ID = {$wpdb->postmeta}.post_id AND {$wpdb->postmeta}.meta_key = '_encloseme' LIMIT 1")) {
- $wpdb->query("DELETE FROM {$wpdb->postmeta} WHERE post_id = {$enclosure->ID} AND meta_key = '_encloseme';");
+ $wpdb->query( $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = '_encloseme';", $enclosure->ID) );
do_enclose($enclosure->post_content, $enclosure->ID);
}
@@ -1035,11 +1041,11 @@ function do_all_pings() {
function do_trackbacks($post_id) {
global $wpdb;
- $post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $post_id");
+ $post = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->posts WHERE ID = %d", $post_id) );
$to_ping = get_to_ping($post_id);
$pinged = get_pung($post_id);
if ( empty($to_ping) ) {
- $wpdb->query("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = '$post_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
return;
}
@@ -1060,7 +1066,7 @@ function do_trackbacks($post_id) {
trackback($tb_ping, $post_title, $excerpt, $post_id);
$pinged[] = $tb_ping;
} else {
- $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = '$post_id'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_ping', '')) WHERE ID = %d", $post_id) );
}
}
}
@@ -1225,8 +1231,8 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
@fclose($fs);
$tb_url = addslashes( $tb_url );
- $wpdb->query("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
- return $wpdb->query("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = '$ID'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = %d", $ID) );
+ return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = TRIM(REPLACE(to_ping, '$tb_url', '')) WHERE ID = %d", $ID) );
}
/**
diff --git a/wp-includes/post.php b/wp-includes/post.php
index e43bd1592e..fdb6d648f5 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -474,7 +474,7 @@ function get_posts($args) {
$query .= empty( $category ) ? '' : $wpdb->prepare("AND ($wpdb->posts.ID = $wpdb->term_relationships.object_id AND $wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id AND $wpdb->term_taxonomy.term_id = %d AND $wpdb->term_taxonomy.taxonomy = 'category')", $category);
$query .= empty( $post_parent ) ? '' : $wpdb->prepare("AND $wpdb->posts.post_parent = %d ", $post_parent);
// expected_slashed ($meta_key, $meta_value) -- Also, this looks really funky, doesn't seem like it works
- $query .= empty( $meta_key ) | empty($meta_value) ? '' : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )";
+ $query .= empty( $meta_key ) | empty($meta_value) ? '' : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value);
$query .= empty( $post_mime_type ) ? '' : wp_post_mime_type_where($post_mime_type);
$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
if ( 0 < $numberposts )
@@ -1960,7 +1960,7 @@ function &get_pages($args = '') {
$query .= ( empty( $meta_key ) ? "" : ", $wpdb->postmeta " ) ;
$query .= " WHERE (post_type = 'page' AND post_status = 'publish') $exclusions $inclusions " ;
// expected_slashed ($meta_key, $meta_value) -- also, it looks funky
- $query .= ( empty( $meta_key ) | empty($meta_value) ? "" : " AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = '$meta_key' AND $wpdb->postmeta.meta_value = '$meta_value' )" ) ;
+ $query .= ( empty( $meta_key ) | empty($meta_value) ? "" : $wpdb->prepare(" AND ($wpdb->posts.ID = $wpdb->postmeta.post_id AND $wpdb->postmeta.meta_key = %s AND $wpdb->postmeta.meta_value = %s )", $meta_key, $meta_value) ) ;
$query .= $author_query;
$query .= " ORDER BY " . $sort_column . " " . $sort_order ;
@@ -2737,7 +2737,7 @@ function clean_page_cache($id) {
do_action('clean_page_cache', $id);
- if ( $children = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_parent = '$id'" ) )
+ if ( $children = $wpdb->get_col( $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_parent = %d", $id) ) )
foreach( $children as $cid )
clean_post_cache( $cid );
}
@@ -2974,7 +2974,7 @@ function _get_post_ancestors(&$_post) {
return;
$id = $_post->ancestors[] = $_post->post_parent;
- while ( $ancestor = $wpdb->get_var("SELECT `post_parent` FROM $wpdb->posts WHERE ID= '{$id}' LIMIT 1") ) {
+ while ( $ancestor = $wpdb->get_var( $wpdb->prepare("SELECT `post_parent` FROM $wpdb->posts WHERE ID = %d LIMIT 1", $id) ) ) {
if ( $id == $ancestor )
break;
$id = $_post->ancestors[] = $ancestor;
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index 09525aad88..785e28ff4c 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -749,7 +749,7 @@ function is_term($term, $taxonomy = '') {
}
if ( !empty($taxonomy) )
- return $wpdb->get_row("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = '$taxonomy'", ARRAY_A);
+ return $wpdb->get_row( $wpdb->prepare("SELECT tt.term_id, tt.term_taxonomy_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy as tt ON tt.term_id = t.term_id WHERE $where AND tt.taxonomy = %s", $taxonomy), ARRAY_A);
return $wpdb->get_var("SELECT term_id FROM $wpdb->terms as t WHERE $where");
}
@@ -888,8 +888,7 @@ function wp_count_terms( $taxonomy, $args = array() ) {
if ( $ignore_empty )
$where = 'AND count > 0';
- $taxonomy = $wpdb->escape( $taxonomy );
- return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = '$taxonomy' $where");
+ return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_taxonomy WHERE taxonomy = %s $where", $taxonomy) );
}
/**
@@ -918,7 +917,7 @@ function wp_delete_object_term_relationships( $object_id, $taxonomies ) {
foreach ( $taxonomies as $taxonomy ) {
$terms = wp_get_object_terms($object_id, $taxonomy, 'fields=tt_ids');
$in_terms = "'" . implode("', '", $terms) . "'";
- $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_terms)");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_terms)", $object_id) );
wp_update_term_count($terms, $taxonomy);
}
}
@@ -1293,7 +1292,7 @@ function wp_set_object_terms($object_id, $terms, $taxonomy, $append = false) {
$delete_terms = array_diff($old_terms, $tt_ids);
if ( $delete_terms ) {
$in_delete_terms = "'" . implode("', '", $delete_terms) . "'";
- $wpdb->query("DELETE FROM $wpdb->term_relationships WHERE object_id = '$object_id' AND term_taxonomy_id IN ($in_delete_terms)");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->term_relationships WHERE object_id = %d AND term_taxonomy_id IN ($in_delete_terms)", $object_id) );
wp_update_term_count($delete_terms, $taxonomy);
}
}
diff --git a/wp-includes/user.php b/wp-includes/user.php
index d1cadfa714..2456b46d13 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -57,13 +57,13 @@ function get_profile($field, $user = false) {
global $wpdb;
if ( !$user )
$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
- return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
+ return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
}
function get_usernumposts($userid) {
global $wpdb;
$userid = (int) $userid;
- return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
+ return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
}
// TODO: xmlrpc only. Maybe move to xmlrpc.php.
@@ -130,9 +130,9 @@ function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) {
$meta_value = trim( $meta_value );
if ( ! empty($meta_value) )
- $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
else
- $wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+ $wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
wp_cache_delete($user_id, 'users');
@@ -148,9 +148,9 @@ function get_usermeta( $user_id, $meta_key = '') {
if ( !empty($meta_key) ) {
$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
- $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+ $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
} else {
- $metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
+ $metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
}
if ( empty($metas) ) {
@@ -185,13 +185,13 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
return delete_usermeta($user_id, $meta_key);
}
- $cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+ $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
if ( !$cur ) {
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
VALUES
( '$user_id', '$meta_key', '$meta_value' )");
} else if ( $cur->meta_value != $meta_value ) {
- $wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
+ $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
} else {
return false;
}
diff --git a/wp-trackback.php b/wp-trackback.php
index 26f8763ede..ce08b74f3d 100644
--- a/wp-trackback.php
+++ b/wp-trackback.php
@@ -86,7 +86,7 @@ if ( !empty($tb_url) && !empty($title) ) {
$comment_content = "$title\n\n$excerpt";
$comment_type = 'trackback';
- $dupe = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_author_url = '$comment_author_url'");
+ $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
if ( $dupe )
trackback_response(1, 'We already have a ping from that URL for this post.');
diff --git a/xmlrpc.php b/xmlrpc.php
index 9ec7d2afc7..ae31440486 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -1352,7 +1352,7 @@ class wp_xmlrpc_server extends IXR_Server {
if( is_array( $attachments ) ) {
foreach( $attachments as $file ) {
if( strpos( $post_content, $file->guid ) !== false ) {
- $wpdb->query( "UPDATE {$wpdb->posts} SET post_parent = '$post_ID' WHERE ID = '{$file->ID}'" );
+ $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
}
}
}
@@ -2093,7 +2093,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(404, __('Sorry, no such post.'));
}
- $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
if (!$comments) {
return array();
@@ -2206,7 +2206,7 @@ class wp_xmlrpc_server extends IXR_Server {
} elseif (is_string($urltest['fragment'])) {
// ...or a string #title, a little more complicated
$title = preg_replace('/[^a-z0-9]/i', '.', $urltest['fragment']);
- $sql = "SELECT ID FROM $wpdb->posts WHERE post_title RLIKE '$title'";
+ $sql = $wpdb->prepare("SELECT ID FROM $wpdb->posts WHERE post_title RLIKE %s", $title);
if (! ($post_ID = $wpdb->get_var($sql)) ) {
// returning unknown error '0' is better than die()ing
return new IXR_Error(0, '');
@@ -2235,7 +2235,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(33, __('The specified target URL cannot be used as a target. It either doesn\'t exist, or it is not a pingback-enabled resource.'));
// Let's check that the remote site didn't already pingback this entry
- $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_ID' AND comment_author_url = '$pagelinkedfrom'");
+ $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $post_ID, $pagelinkedfrom) );
if ( $wpdb->num_rows ) // We already have a Pingback from this URL
return new IXR_Error(48, __('The pingback has already been registered.'));
@@ -2344,7 +2344,7 @@ class wp_xmlrpc_server extends IXR_Server {
return new IXR_Error(32, __('The specified target URL does not exist.'));
}
- $comments = $wpdb->get_results("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = $post_ID");
+ $comments = $wpdb->get_results( $wpdb->prepare("SELECT comment_author_url, comment_content, comment_author_IP, comment_type FROM $wpdb->comments WHERE comment_post_ID = %d", $post_ID) );
if (!$comments) {
return array();