Add typecasting to wpdb::insert() and update(). Props filosofo. fixes #7171
git-svn-id: http://svn.automattic.com/wordpress/trunk@10724 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
801705a502
commit
551c0c8af9
@ -1499,14 +1499,20 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
|
||||
}
|
||||
|
||||
// expected_slashed (everything!)
|
||||
$data = compact( array( 'post_author', 'post_date', 'post_date_gmt', 'post_content', 'post_content_filtered', 'post_title', 'post_excerpt', 'post_status', 'post_type', 'comment_status', 'ping_status', 'post_password', 'post_name', 'to_ping', 'pinged', 'post_modified', 'post_modified_gmt', 'post_parent', 'menu_order', 'guid' ) );
|
||||
$fields = array( 'post_author' => '%d', 'post_date' => '%s', 'post_date_gmt' => '%s', 'post_content' => '%s', 'post_content_filtered' => '%s', 'post_title' => '%s',
|
||||
'post_excerpt' => '%s', 'post_status' => '%s', 'post_type' => '%s', 'comment_status' => '%s', 'ping_status' => '%s', 'post_password' => '%s', 'post_name' => '%s',
|
||||
'to_ping' => '%s', 'pinged' => '%s', 'post_modified' => '%s', 'post_modified_gmt' => '%s', 'post_parent' => '%d', 'menu_order' => '%d', 'guid' => '%s' );
|
||||
$data = compact( array_keys( $fields) );
|
||||
$data_formats = array_values( $fields );
|
||||
$data = apply_filters('wp_insert_post_data', $data, $postarr);
|
||||
$data = stripslashes_deep( $data );
|
||||
error_log(var_export($data, true));
|
||||
$where = array( 'ID' => $post_ID );
|
||||
$where_formats = array('%d');
|
||||
|
||||
if ( $update ) {
|
||||
do_action( 'pre_post_update', $post_ID );
|
||||
if ( false === $wpdb->update( $wpdb->posts, $data, $where ) ) {
|
||||
if ( false === $wpdb->update( $wpdb->posts, $data, $where, $data_formats, $where_formats ) ) {
|
||||
if ( $wp_error )
|
||||
return new WP_Error('db_update_error', __('Could not update post in the database'), $wpdb->last_error);
|
||||
else
|
||||
@ -1522,7 +1528,7 @@ function wp_insert_post($postarr = array(), $wp_error = false) {
|
||||
$data['ID'] = $import_id;
|
||||
}
|
||||
}
|
||||
if ( false === $wpdb->insert( $wpdb->posts, $data ) ) {
|
||||
if ( false === $wpdb->insert( $wpdb->posts, $data, $data_formats ) ) {
|
||||
if ( $wp_error )
|
||||
return new WP_Error('db_insert_error', __('Could not insert post into the database'), $wpdb->last_error);
|
||||
else
|
||||
|
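Review bot: The `error_log(var_export($data, true));` call just before the `$where` assignment appears to be leftover debugging added by this change and should be removed. It writes the full row of every saved post, including `post_password` and the content of unpublished posts, to the PHP error log in clear text on each insert and update. Separately, `$data_formats` is taken from `array_values( $fields )` before `apply_filters('wp_insert_post_data', $data, $postarr)` runs, so a filter that adds, removes or reorders keys in `$data` leaves the positional formats out of step with the columns they are meant to cast. Building the format list from the keys of `$data` after the filter, with `'%s'` for any key not in `$fields`, would keep them aligned. wp_insert_post() starts and ends outside these hunks, so this is judged from the visible lines only.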
@ -699,12 +699,19 @@ class wpdb {
|
||||
*
|
||||
* @param string $table WARNING: not sanitized!
|
||||
* @param array $data Should not already be SQL-escaped
|
||||
* @param array|string $format The format of the field values.
|
||||
* @return mixed Results of $this->query()
|
||||
*/
|
||||
function insert($table, $data) {
|
||||
$data = $this->_escape($data);
|
||||
function insert($table, $data, $format = '%s') {
|
||||
$format = (array) $format;
|
||||
$fields = array_keys($data);
|
||||
return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
|
||||
$formatted_fields = array();
|
||||
foreach ( $data as $field ) {
|
||||
$form = ( $form = array_shift($format) ) ? $form : $formatted_fields[0];
|
||||
$formatted_fields[] = $form;
|
||||
}
|
||||
$sql = "INSERT INTO $table (`" . implode( '`,`', $fields ) . "`) VALUES ('" . implode( "','", $formatted_fields ) . "')";
|
||||
return $this->query( $this->prepare( $sql, $data) );
|
||||
}
|
||||
|
||||
/**
|
||||
@ -715,21 +722,29 @@ class wpdb {
|
||||
* @param string $table WARNING: not sanitized!
|
||||
* @param array $data Should not already be SQL-escaped
|
||||
* @param array $where A named array of WHERE column => value relationships. Multiple member pairs will be joined with ANDs. WARNING: the column names are not currently sanitized!
|
||||
* @param array|string $format The format of the field values.
|
||||
* @param array|string $where_format The format of the where field values.
|
||||
* @return mixed Results of $this->query()
|
||||
*/
|
||||
function update($table, $data, $where){
|
||||
$data = $this->_escape($data);
|
||||
$bits = $wheres = array();
|
||||
foreach ( (array) array_keys($data) as $k )
|
||||
$bits[] = "`$k` = '$data[$k]'";
|
||||
|
||||
if ( is_array( $where ) )
|
||||
foreach ( $where as $c => $v )
|
||||
$wheres[] = "$c = '" . $this->_escape( $v ) . "'";
|
||||
else
|
||||
function update($table, $data, $where, $format = '%s', $where_format = '%s') {
|
||||
if ( !is_array( $where ) )
|
||||
return false;
|
||||
|
||||
return $this->query( "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres ) );
|
||||
$formats = $format = (array) $format;
|
||||
$bits = $wheres = array();
|
||||
foreach ( (array) array_keys($data) as $k ) {
|
||||
$form = ( $form = array_shift($formats) ) ? $form : $format[0];
|
||||
$bits[] = "`$k` = {$form}";
|
||||
}
|
||||
|
||||
$where_formats = $where_format = (array) $where_format;
|
||||
foreach ( $where as $c => $v ) {
|
||||
$form = ( $form = array_shift($where_formats) ) ? $form : $where_format[0];
|
||||
$wheres[] = "$c = {$form}";
|
||||
}
|
||||
|
||||
$sql = "UPDATE $table SET " . implode( ', ', $bits ) . ' WHERE ' . implode( ' AND ', $wheres );
|
||||
return $this->query( $this->prepare( $sql, array_merge(array_values($data), array_values($where))) );
|
||||
}
|
||||
|
||||
/**
|
||||
|
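Review bot: In both insert() and update() the entries of `$format` and `$where_format` are concatenated into the SQL string verbatim before prepare() is called, so any entry that is not a placeholder ends up as raw SQL text. Each `$form` should be checked against the supported placeholders right after the `array_shift()` fallback, for example `if ( !in_array( $form, array( '%d', '%s' ), true ) ) $form = '%s';`. The same string also carries `$table` and the column names through prepare(), so a `%` in any of them would presumably be read as a conversion and shift the arguments; the existing "not sanitized" warnings in the docblocks should mention this. The `@param $format` and `@param $where_format` lines should also say that formats are positional, in the same order as `$data` and `$where`, and that a shorter list falls back to its first entry. insert() wraps every placeholder in quotes (`VALUES ('%d', ...)`) while update() emits them bare; prepare() is not shown on this page, so how a quoted `%d` is handled needs confirming.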