Prepare DB queries in more places. Props filosofo. see #6644

git-svn-id: https://develop.svn.wordpress.org/trunk@7645 602fd350-edb4-49c9-b593-d223f7449a82
Ryan Boren
2008-04-14 16:13:25 +00:00
parent 32e9822516
commit fdc05b24f6
24 changed files with 153 additions and 166 deletions


@@ -57,13 +57,13 @@ function get_profile($field, $user = false) {
global $wpdb;
if ( !$user )
$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
}
function get_usernumposts($userid) {
global $wpdb;
$userid = (int) $userid;
return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
}
// TODO: xmlrpc only. Maybe move to xmlrpc.php.
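Review bot: The new get_profile() query still interpolates `$field` straight into the SELECT list, so only the user_login value is actually parameterised; prepare() cannot bind identifiers, and if any caller passes a column name derived from request data this stays injectable, so `$field` should be validated against a fixed list of users-table column names before the query is built. Separately, `$user` is still run through `$wpdb->escape()` on the unchanged line above and then bound with `%s`, so a cookie value containing a quote or backslash is now escaped twice and the lookup fails for that login; with prepare() in place the escape call should go, e.g. `$user = $_COOKIE[USER_COOKIE];`. That the identity is read from a cookie and trusted predates this commit, but it is worth noting while this function is being touched.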
@@ -130,9 +130,9 @@ function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) {
$meta_value = trim( $meta_value );
if ( ! empty($meta_value) )
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
else
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
wp_cache_delete($user_id, 'users');
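Review bot: The first new DELETE in delete_usermeta() binds `$userid`, but the function's parameter (visible in the hunk header and in the second query) is `$user_id`; the undefined variable is rendered by `%d` as 0, so the meta_value-qualified branch silently deletes nothing for the intended user (or rows with user_id 0, if any exist) while the user cache is still flushed. Change the argument list to `$user_id, $meta_key, $meta_value`. The function body begins before this hunk, so I cannot see whether `$user_id` is cast to int earlier; if not, the `%d` placeholder now does that and the old string-quoted form is gone, which is fine.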
@@ -148,9 +148,9 @@ function get_usermeta( $user_id, $meta_key = '') {
if ( !empty($meta_key) ) {
$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
} else {
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
}
if ( empty($metas) ) {
@@ -185,13 +185,13 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
return delete_usermeta($user_id, $meta_key);
}
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
if ( !$cur ) {
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
VALUES
( '$user_id', '$meta_key', '$meta_value' )");
} else if ( $cur->meta_value != $meta_value ) {
$wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
} else {
return false;
}