WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

added single quotes around values in SQL statements 

git-svn-id: http://svn.automattic.com/wordpress/trunk@810 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
alex_t_king 2004-01-30 02:39:01 +00:00
parent 77062c2301
commit ca6bbb36a8
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
wp-includes/functions.php
View File

@ -412,7 +412,7 @@ function get_currentuserinfo() { // a bit like get_userdata(), on steroids
function get_userdata($userid) { function get_userdata($userid) {
global $wpdb, $cache_userdata, $use_cache, $tableusers; global $wpdb, $cache_userdata, $use_cache, $tableusers;
if ((empty($cache_userdata[$userid])) || (!$use_cache)) { if ((empty($cache_userdata[$userid])) || (!$use_cache)) {
$user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID = $userid"); $user = $wpdb->get_row("SELECT * FROM $tableusers WHERE ID = '$userid'");
$user->user_nickname = stripslashes($user->user_nickname); $user->user_nickname = stripslashes($user->user_nickname);
$user->user_firstname = stripslashes($user->user_firstname); $user->user_firstname = stripslashes($user->user_firstname);
$user->user_lastname = stripslashes($user->user_lastname); $user->user_lastname = stripslashes($user->user_lastname);
@ -464,7 +464,7 @@ function get_userid($user_login) {
function get_usernumposts($userid) { function get_usernumposts($userid) {
global $tableposts, $tablecomments, $wpdb; global $tableposts, $tablecomments, $wpdb;
return $wpdb->get_var("SELECT COUNT(*) FROM $tableposts WHERE post_author = $userid"); return $wpdb->get_var("SELECT COUNT(*) FROM $tableposts WHERE post_author = '$userid'");
} }
// examine a url (supposedly from this blog) and try to // examine a url (supposedly from this blog) and try to
@ -527,9 +527,9 @@ function url_to_postid($url = '') {
if (intval($post_id)) return intval($post_id); if (intval($post_id)) return intval($post_id);
// Otherwise, build a WHERE clause, making the values safe along the way: // Otherwise, build a WHERE clause, making the values safe along the way:
if ($year) $where .= " AND YEAR(post_date) = " . intval($year); if ($year) $where .= " AND YEAR(post_date) = '" . intval($year) . "'";
if ($monthnum) $where .= " AND MONTH(post_date) = " . intval($monthnum); if ($monthnum) $where .= " AND MONTH(post_date) = '" . intval($monthnum) . "'";
if ($day) $where .= " AND DAYOFMONTH(post_date) = " . intval($day); if ($day) $where .= " AND DAYOFMONTH(post_date) = '" . intval($day) . "'";
if ($postname) $where .= " AND post_name = '" . $wpdb->escape($postname) . "' "; if ($postname) $where .= " AND post_name = '" . $wpdb->escape($postname) . "' ";
// Run the query to get the post ID: // Run the query to get the post ID:
@ -584,7 +584,7 @@ function add_option() {
function get_postdata($postid) { function get_postdata($postid) {
global $post, $tableusers, $tablecategories, $tableposts, $tablecomments, $wpdb; global $post, $tableusers, $tablecategories, $tableposts, $tablecomments, $wpdb;
$post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = $postid"); $post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = '$postid'");
$postdata = array ( $postdata = array (
'ID' => $post->ID, 'ID' => $post->ID,
@ -629,7 +629,7 @@ function get_postdata2($postid=0) { // less flexible, but saves DB queries
function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries function get_commentdata($comment_ID,$no_cache=0,$include_unapproved=false) { // less flexible, but saves DB queries
global $postc,$id,$commentdata,$tablecomments, $wpdb; global $postc,$id,$commentdata,$tablecomments, $wpdb;
if ($no_cache) { if ($no_cache) {
$query = "SELECT * FROM $tablecomments WHERE comment_ID = $comment_ID"; $query = "SELECT * FROM $tablecomments WHERE comment_ID = '$comment_ID'";
if (false == $include_unapproved) { if (false == $include_unapproved) {
$query .= " AND comment_approved = '1'"; $query .= " AND comment_approved = '1'";
} }
@ -680,7 +680,7 @@ function dropdown_categories($default = 0) {
$postcategories = $wpdb->get_col(" $postcategories = $wpdb->get_col("
SELECT category_id SELECT category_id
FROM $tablecategories, $tablepost2cat FROM $tablecategories, $tablepost2cat
WHERE $tablepost2cat.category_id = cat_ID AND $tablepost2cat.post_id = $post->ID WHERE $tablepost2cat.category_id = cat_ID AND $tablepost2cat.post_id = '$post->ID'
"); ");
} else { } else {
$postcategories[] = $default; $postcategories[] = $default;
@ -937,8 +937,8 @@ function trackback($trackback_url, $title, $excerpt, $ID) {
*/ */
@fclose($fs); @fclose($fs);
$wpdb->query("UPDATE $tableposts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = $ID"); $wpdb->query("UPDATE $tableposts SET pinged = CONCAT(pinged, '\n', '$tb_url') WHERE ID = '$ID'");
$wpdb->query("UPDATE $tableposts SET to_ping = REPLACE(to_ping, '$tb_url', '') WHERE ID = $ID"); $wpdb->query("UPDATE $tableposts SET to_ping = REPLACE(to_ping, '$tb_url', '') WHERE ID = '$ID'");
return $result; return $result;
} }