Prepare DB queries in more places. Props filosofo. see #6644

git-svn-id: https://develop.svn.wordpress.org/trunk@7645 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2008-04-14 16:13:25 +00:00
parent 32e9822516
commit fdc05b24f6
24 changed files with 153 additions and 166 deletions


@@ -17,7 +17,7 @@ header('Content-Type: text/xml; charset=' . get_option('blog_charset'), true);
$where = '';
if ( $author and $author != 'all' ) {
$author_id = (int) $author;
$where = " WHERE post_author = '$author_id' ";
$where = $wpdb->prepare(" WHERE post_author = %d ", $author_id);
}
// grab a snapshot of post IDs, just in case it changes during the export
@@ -217,7 +217,7 @@ if ($post->post_type == 'attachment') { ?>
<wp:attachment_url><?php echo wp_get_attachment_url($post->ID); ?></wp:attachment_url>
<?php } ?>
<?php
$postmeta = $wpdb->get_results("SELECT * FROM $wpdb->postmeta WHERE post_id = $post->ID");
$postmeta = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->postmeta WHERE post_id = %d", $post->ID) );
if ( $postmeta ) {
?>
<?php foreach( $postmeta as $meta ) { ?>
@@ -228,7 +228,7 @@ if ( $postmeta ) {
<?php } ?>
<?php } ?>
<?php
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post->ID");
$comments = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d", $post->ID) );
if ( $comments ) { foreach ( $comments as $c ) { ?>
<wp:comment>
<wp:comment_id><?php echo $c->comment_ID; ?></wp:comment_id>