mirror of
https://github.com/gosticks/wordpress-develop.git
synced 2026-07-01 15:50:09 +00:00
Prepare DB queries in more places. Props filosofo. see #6644
git-svn-id: https://develop.svn.wordpress.org/trunk@7645 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
@@ -57,13 +57,13 @@ function get_profile($field, $user = false) {
|
||||
global $wpdb;
|
||||
if ( !$user )
|
||||
$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
|
||||
return $wpdb->get_var("SELECT $field FROM $wpdb->users WHERE user_login = '$user'");
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
|
||||
}
|
||||
|
||||
function get_usernumposts($userid) {
|
||||
global $wpdb;
|
||||
$userid = (int) $userid;
|
||||
return $wpdb->get_var("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = '$userid' AND post_type = 'post' AND " . get_private_posts_cap_sql('post'));
|
||||
return $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->posts WHERE post_author = %d AND post_type = 'post' AND ", $userid) . get_private_posts_cap_sql('post'));
|
||||
}
|
||||
|
||||
// TODO: xmlrpc only. Maybe move to xmlrpc.php.
|
||||
@@ -130,9 +130,9 @@ function delete_usermeta( $user_id, $meta_key, $meta_value = '' ) {
|
||||
$meta_value = trim( $meta_value );
|
||||
|
||||
if ( ! empty($meta_value) )
|
||||
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key' AND meta_value = '$meta_value'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s AND meta_value = %s", $userid, $meta_key, $meta_value) );
|
||||
else
|
||||
$wpdb->query("DELETE FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$wpdb->query( $wpdb->prepare("DELETE FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
||||
|
||||
wp_cache_delete($user_id, 'users');
|
||||
|
||||
@@ -148,9 +148,9 @@ function get_usermeta( $user_id, $meta_key = '') {
|
||||
|
||||
if ( !empty($meta_key) ) {
|
||||
$meta_key = preg_replace('|[^a-z0-9_]|i', '', $meta_key);
|
||||
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
|
||||
} else {
|
||||
$metas = $wpdb->get_results("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = '$user_id'");
|
||||
$metas = $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value FROM $wpdb->usermeta WHERE user_id = %d", $user_id) );
|
||||
}
|
||||
|
||||
if ( empty($metas) ) {
|
||||
@@ -185,13 +185,13 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
|
||||
return delete_usermeta($user_id, $meta_key);
|
||||
}
|
||||
|
||||
$cur = $wpdb->get_row("SELECT * FROM $wpdb->usermeta WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
|
||||
if ( !$cur ) {
|
||||
$wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
|
||||
VALUES
|
||||
( '$user_id', '$meta_key', '$meta_value' )");
|
||||
} else if ( $cur->meta_value != $meta_value ) {
|
||||
$wpdb->query("UPDATE $wpdb->usermeta SET meta_value = '$meta_value' WHERE user_id = '$user_id' AND meta_key = '$meta_key'");
|
||||
$wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user