Add typecasting to wpdb::insert() and update(). Props filosofo. fixes #7171

git-svn-id: http://svn.automattic.com/wordpress/trunk@10724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-03-05 23:47:02 +00:00
parent 801705a502
commit 551c0c8af9
2 changed files with 39 additions and 18 deletions

View File

@ -1499,14 +1499,20 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
}
// expected_slashed (everything!)
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
$fields = array( 'post_author' => '%d', 'post_date' => '%s', 'post_date_gmt' => '%s', 'post_content' => '%s', 'post_content_filtered' => '%s', 'post_title' => '%s',
'post_excerpt' => '%s', 'post_status' => '%s', 'post_type' => '%s', 'comment_status' => '%s', 'ping_status' => '%s', 'post_password' => '%s', 'post_name' => '%s',
'to_ping' => '%s', 'pinged' => '%s', 'post_modified' => '%s', 'post_modified_gmt' => '%s', 'post_parent' => '%d', 'menu_order' => '%d', 'guid' => '%s' );
$data = compact( array_keys( $fields) );
$data_formats = array_values( $fields );
$data = apply_filters('wp_insert_post_data', $data, $postarr);
$data = stripslashes_deep( $data );
error_log(var_export($data, true));
$where = array( 'ID' => $post_ID );
$where_formats = array('%d');
if ( $update ) {
do_action( 'pre_post_update', $post_ID );
if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
if ( false === $wpdb->update( $wpdb->posts, $data, $where, $data_formats, $where_formats ) ) {
if ( $wp_error )
return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
else
@ -1522,7 +1528,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
$data['ID'] = $import_id;
}
}
if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
if ( false === $wpdb->insert( $wpdb->posts, $data, $data_formats ) ) {
if ( $wp_error )
return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);
else

View File

@ -699,12 +699,19 @@ class wpdb {
*
* @param string $table WARNING: not sanitized!
* @param array $data Should not already be SQL-escaped
* @param array|string $format The format of the field values.
* @return mixed Results of $this->query()
*/
function insert($table, $data) {
$data = $this->_escape($data);
function insert($table, $data, $format = '%s') {
$format = (array) $format;
$fields = array_keys($data);
return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
$formatted_fields = array();
foreach ( $data as $field ) {
$form = ( $form = array_shift($format) ) ? $form : $formatted_fields[0];
$formatted_fields[] = $form;
}
$sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
return $this->query( $this->prepare( $sql, $data) );
}
/**
@ -715,21 +722,29 @@ class wpdb {
* @param string $table WARNING: not sanitized!
* @param array $data Should not already be SQL-escaped
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized!
* @param array|string $format The format of the field values.
* @param array|string $where_format The format of the where field values.
* @return mixed Results of $this->query()
*/
function update($table, $data, $where){
$data = $this->_escape($data);
$bits = $wheres = array();
foreach ( (array) array_keys($data) as $k )
$bits[] = "`$k` = '$data[$k]'";
if ( is_array( $where ) )
foreach ( $where as $c => $v )
$wheres[] = "$c = '" . $this->_escape( $v ) . "'";
else
function update($table, $data, $where, $format = '%s', $where_format = '%s') {
if ( !is_array( $where ) )
return false;
return $this->query( "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ) );
$formats = $format = (array) $format;
$bits = $wheres = array();
foreach ( (array) array_keys($data) as $k ) {
$form = ( $form = array_shift($formats) ) ? $form : $format[0];
$bits[] = "`$k` = {$form}";
}
$where_formats = $where_format = (array) $where_format;
foreach ( $where as $c => $v ) {
$form = ( $form = array_shift($where_formats) ) ? $form : $where_format[0];
$wheres[] = "$c = {$form}";
}
$sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
}
/**