Add some prophylactic int casts and quoting.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3740 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-04-22 00:02:00 +00:00
parent 85f5f5229f
commit 8da6c47ae3
4 changed files with 16 additions and 10 deletions

View File

@ -60,7 +60,9 @@ function check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $
function get_approved_comments($post_id) {
global $wpdb;
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = $post_id AND comment_approved = '1' ORDER BY comment_date");
$post_id = (int) $post_id;
return $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post_id' AND comment_approved = '1' ORDER BY comment_date");
}
// Retrieves comment data given a comment ID or comment object.

View File

@ -365,7 +365,7 @@ function wp_delete_attachment($postid) {
global $wpdb;
$postid = (int) $postid;
if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = '$postid'") )
return $post;
if ( 'attachment' != $post->post_type )
@ -374,17 +374,17 @@ function wp_delete_attachment($postid) {
$meta = get_post_meta($postid, '_wp_attachment_metadata', true);
$file = get_post_meta($postid, '_wp_attached_file', true);
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
$wpdb->query("DELETE FROM $wpdb->posts WHERE ID = '$postid'");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
$wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = '$postid'");
$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
$wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = '$postid'");
$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
$wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = '$postid'");
if ( ! empty($meta['thumb']) ) {
// Don't delete the thumb if another attachment uses it
if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> $postid"))
if (! $foo = $wpdb->get_row("SELECT meta_id FROM $wpdb->postmeta WHERE meta_key = '_wp_attachment_metadata' AND meta_value LIKE '%".$wpdb->escape($meta['thumb'])."%' AND post_id <> '$postid'"))
@ unlink(str_replace(basename($file), $meta['thumb'], $file));
}
@ -481,9 +481,11 @@ function wp_publish_post($post_id) {
function wp_get_post_cats($blogid = '1', $post_ID = 0) {
global $wpdb;
$post_ID = (int) $post_ID;
$sql = "SELECT category_id
FROM $wpdb->post2cat
WHERE post_id = $post_ID
WHERE post_id = '$post_ID'
ORDER BY category_id";
$result = $wpdb->get_col($sql);

View File

@ -168,6 +168,8 @@ function get_linkrating($link) {
** uses 0
*/
function get_linkcatname($id = 0) {
$id = (int) $id;
if ( empty($id) )
return '';

View File

@ -501,8 +501,8 @@ function get_calendar($initial = true) {
// Get days with posts
$dayswithposts = $wpdb->get_results("SELECT DISTINCT DAYOFMONTH(post_date)
FROM $wpdb->posts WHERE MONTH(post_date) = $thismonth
AND YEAR(post_date) = $thisyear
FROM $wpdb->posts WHERE MONTH(post_date) = '$thismonth'
AND YEAR(post_date) = '$thisyear'
AND post_type = 'post' AND post_status = 'publish'
AND post_date < '" . current_time('mysql') . '\'', ARRAY_N);
if ( $dayswithposts ) {