From d43bd8177c1960076f8ac8e2e4dd17e32b5c8502 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 6 Mar 2009 04:27:51 +0000
Subject: [PATCH] Use wpdb::insert() and update(). Props DD32. see #6836
git-svn-id: http://svn.automattic.com/wordpress/trunk@10730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/includes/post.php | 2 +-
 wp-admin/includes/schema.php | 5 +-
 wp-admin/includes/upgrade.php | 187 +++++++++++++++++++++++----------
 wp-includes/comment.php | 11 +-
 wp-includes/functions.php | 10 +-
 wp-includes/pluggable.php | 4 +-
 wp-includes/post.php | 2 +-
 wp-includes/taxonomy.php | 2 +-
 wp-includes/user.php | 13 +--
 wp-login.php | 2 +-
 xmlrpc.php | 2 +-
 11 files changed, 151 insertions(+), 89 deletions(-)
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index ad47200176..5c0630c931 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -756,7 +756,7 @@ function _relocate_children( $old_ID, $new_ID ) { global $wpdb; $old_ID = (int) $old_ID; $new_ID = (int) $new_ID;
- return $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_parent = %d", $new_ID, $old_ID) );
+ return $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('post_parent' => $old_ID) );
 } /**
diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 53f64488f2..4bb49a2771 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -310,9 +310,8 @@ function populate_options() { // Set up a few options not to load by default $fatoptions = array( 'moderation_keys', 'recently_edited', 'blacklist_keys' );
- foreach ($fatoptions as $fatoption) :
- $wpdb->query("UPDATE $wpdb->options SET `autoload` = 'no' WHERE option_name = '$fatoption'");
- endforeach;
+ foreach ($fatoptions as $fatoption)
+ $wpdb->update( $wpdb->options, array('autoload' => 'no'), array('option_name' => $fatoption) );
 } /**
diff --git a/wp-admin/includes/upgrade.php b/wp-admin/includes/upgrade.php
index dbd52bdd14..c9e60bd522 100644
--- a/wp-admin/includes/upgrade.php
+++ b/wp-admin/includes/upgrade.php
@@ -93,52 +93,121 @@ function wp_install_defaults($user_id) { global $wpdb; // Default category - $cat_name = $wpdb->escape(__('Uncategorized')); + $cat_name = __('Uncategorized'); $cat_slug = sanitize_title(_c('Uncategorized|Default category slug')); - $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('1', 'category', '', '0', '1')"); + + $wpdb->insert( $wpdb->terms, array('name' => $cat_name, 'slug' => $cat_slug, 'term_group' => 0) ); + $wpdb->insert( $wpdb->term_taxonomy, array('term_id' => '1', 'taxonomy' => 'category', 'description' => '', 'parent' => 0, 'count' => 1)); // Default link category - $cat_name = $wpdb->escape(__('Blogroll')); + $cat_name = __('Blogroll'); $cat_slug = sanitize_title(_c('Blogroll|Default link category slug')); - $wpdb->query("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES ('$cat_name', '$cat_slug', '0')"); - $wpdb->query("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ('2', 'link_category', '', '0', '7')"); + + $wpdb->insert( $wpdb->terms, array('name' => $cat_name, 'slug' => $cat_slug, 'term_group' => 0) ); + $wpdb->insert( $wpdb->term_taxonomy, array('term_id' => '2', 'taxonomy' => 'link_category', 'description' => '', 'parent' => 0, 'count' => 7)); // Now drop in some default links - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://codex.wordpress.org/', 'Documentation', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 2)" ); + $default_links = array(); + $default_links[] = array( 'link_url' => 'http://codex.wordpress.org/', + 'link_name' => 'Documentation', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' => ''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, 
link_category, link_rss, link_notes) VALUES ('http://wordpress.org/development/', 'Development Blog', 0, 'http://wordpress.org/development/feed/', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (2, 2)" ); + $default_links[] = array( 'link_url' => 'http://wordpress.org/development/', + 'link_name' => 'Development Blog', + 'link_category' => 0, + 'link_rss' => 'http://wordpress.org/development/feed/', + 'link_notes' => ''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/ideas/', 'Suggest Ideas', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (3, 2)" ); + $default_links[] = array( 'link_url' => 'http://wordpress.org/extend/ideas/', + 'link_name' => 'Suggest Ideas', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' =>''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/support/', 'Support Forum', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (4, 2)" ); + $default_links[] = array( 'link_url' => 'http://wordpress.org/support/', + 'link_name' => 'Support Forum', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' =>''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://wordpress.org/extend/plugins/', 'Plugins', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (5, 2)" ); + $default_links[] = array( 'link_url' => 'http://wordpress.org/extend/plugins/', + 'link_name' => 'Plugins', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' =>''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES 
('http://wordpress.org/extend/themes/', 'Themes', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (6, 2)" ); + $default_links[] = array( 'link_url' => 'http://wordpress.org/extend/themes/', + 'link_name' => 'Themes', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' =>''); - $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss, link_notes) VALUES ('http://planet.wordpress.org/', 'WordPress Planet', 0, '', '');"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (7, 2)" ); + $default_links[] = array( 'link_url' => 'http://planet.wordpress.org/', + 'link_name' => 'WordPress Planet', + 'link_category' => 0, + 'link_rss' => '', + 'link_notes' =>''); + + foreach ( default_links as $link ) { + $wpdb->insert( $wpdb->links, $link); + $wpdb->insert( $wpdb->term_relationships, array('term_taxonomy_id' => 2, 'object_id' => $wpdb->insert_id) ); + } // First post $now = date('Y-m-d H:i:s'); $now_gmt = gmdate('Y-m-d H:i:s'); $first_post_guid = get_option('home') . '/?p=1'; - $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, comment_count, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(_c('hello-world|Default post slug'))."', '$now', '$now_gmt', '$first_post_guid', '1', '', '', '')"); - $wpdb->query( "INSERT INTO $wpdb->term_relationships (`object_id`, `term_taxonomy_id`) VALUES (1, 1)" ); + + $wpdb->insert( $wpdb->posts, array( + 'post_author' => $user_id, + 'post_date' => $now, + 'post_date_gmt' => $now_gmt, + 'post_content' => __('Welcome to WordPress. This is your first post. 
Edit or delete it, then start blogging!'), + 'post_excerpt' => '', + 'post_title' => __('Hello world!'), + 'post_category' => 0, + 'post_name' => _c('hello-world|Default post slug'), + 'post_modified' => $now, + 'post_modified_gmt' => $now_gmt, + 'guid' => $first_post_guid, + 'comment_count' => 1, + 'to_ping' => '', + 'pinged' => '', + 'post_content_filtered' => '' + )); + $wpdb->insert( $wpdb->term_relationships, array('term_taxonomy_id' => 1, 'object_id' => 1) ); // Default comment - $wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org/', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment.
To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.'))."')"); - + $wpdb->insert( $wpdb->comments, array( + 'comment_post_ID' => 1, + 'comment_author' => __('Mr WordPress'), + 'comment_author_email' => '', + 'comment_author_url' => 'http://wordpress.org/', + 'comment_date' => $now, + 'comment_date_gmt' => $now_gmt, + 'comment_content' => __('Hi, this is a comment.
To delete a comment, just log in and view the post's comments. There you will have the option to edit or delete them.') + )); // First Page $first_post_guid = get_option('home') . '/?page_id=2'; - $wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_excerpt, post_title, post_category, post_name, post_modified, post_modified_gmt, guid, post_status, post_type, to_ping, pinged, post_content_filtered) VALUES ($user_id, '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(_c('about|Default page slug'))."', '$now', '$now_gmt','$first_post_guid', 'publish', 'page', '', '', '')"); + $wpdb->insert( $wpdb->posts, array( + 'post_author' => $user_id, + 'post_date' => $now, + 'post_date_gmt' => $now_gmt, + 'post_content' => __('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'), + 'post_excerpt' => '', + 'post_title' => __('About'), + 'post_category' => '', + 'post_name' => _c('about|Default page slug'), + 'post_modified' => $now, + 'post_modified_gmt' => $now_gmt, + 'guid' => $first_post_guid, + 'post_type' => 'page', + 'to_ping' => '', + 'pinged' => '', + 'post_content_filtered' => '' + )); } endif; 
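Review bot: The loop header `foreach ( default_links as $link ) {` is missing the `$`, so PHP reads `default_links` as a bare constant name instead of the array built just above it, and none of the default links or their `term_relationships` rows would be inserted; it should read `foreach ( $default_links as $link ) {`. The About-page insert also no longer sets `post_status` (the removed query wrote `'publish'` explicitly) and passes `'post_category' => ''` where the first post passes `0`, so the page's status now depends on the column default, which is not visible here and should be confirmed against the schema. Inside the loop, `object_id` is taken from `$wpdb->insert_id` without checking that the preceding links insert succeeded.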
@@ -306,7 +375,7 @@ function upgrade_100() { foreach ($categories as $category) { if ('' == $category->category_nicename) { $newtitle = sanitize_title($category->cat_name);
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->categories SET category_nicename = %s WHERE cat_ID = %d", $newtitle, $category->cat_ID) );
+ $wpdb>update( $wpdb->categories, array('category_nicename' => $newtitle), array('cat_ID' => $category->cat_ID) );
 } }
@@ -330,10 +399,7 @@ function upgrade_100() { // Check to see if it's already been imported $cat = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->post2cat WHERE post_id = %d AND category_id = %d", $post->ID, $post->post_category) ); if (!$cat && 0 != $post->post_category) { // If there's no result
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->post2cat
- (post_id, category_id)
- VALUES (%s, %s)
- ", $post->ID, $post->post_category) );
+ $wpdb->insert( $wpdb->post2cat, array('post_id' => $post->ID, 'category_id' => $post->post_category) );
 } } endif;
@@ -370,14 +436,14 @@ function upgrade_110() { foreach ($users as $user) { if ('' == $user->user_nicename) { $newname = sanitize_title($user->user_nickname);
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET user_nicename = %s WHERE ID = %d", $newname, $user->ID) );
+ $wpdb->update( $wpdb->users, array('user_nicename' => $newname), array('ID' => $user->ID) );
 } } $users = $wpdb->get_results("SELECT ID, user_pass from $wpdb->users"); foreach ($users as $row) { if (!preg_match('/^[A-Fa-f0-9]{32}$/', $row->user_pass)) {
- $wpdb->query('UPDATE '.$wpdb->users.' SET user_pass = MD5(\''.$row->user_pass.'\') WHERE ID = \''.$row->ID.'\'');
+ $wpdb->update( $wpdb->users, array('user_pass' => md5($row->user_pass)), array('ID' => $row->ID) );
 } }
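Review bot: In the `upgrade_100()` nicename loop the added call is written `$wpdb>update(` with the `-` of `->` missing, so PHP parses it as a comparison between `$wpdb` and a call to a global function `update()`. The category row is never updated, and the upgrade would stop with an undefined-function error unless such a function happens to exist. The line should be `$wpdb->update( $wpdb->categories, array('category_nicename' => $newtitle), array('cat_ID' => $category->cat_ID) );`. The function body starts and ends outside the hunk.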
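Review bot: The password branch of `upgrade_110()` carries no comment on its security assumptions: any `user_pass` that is not exactly 32 hex characters is treated as plaintext and replaced with an unsalted `md5()` digest, while a plaintext password that happens to be 32 hex characters is left as it is. A short comment above the `preg_match` would make that explicit, for example `// Legacy migration: values that do not look like an MD5 digest are assumed to be plaintext and are stored as unsalted MD5.` Whether these digests are later moved to the scheme `wp_hash_password()` produces (used by `wp_set_password()` in this same commit) is not visible here and is worth stating in that comment.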
@@ -437,7 +503,8 @@ function upgrade_130() { else $guid = $post->guid;
- $wpdb->query("UPDATE $wpdb->posts SET post_title = '$post_title', post_content = '$post_content', post_excerpt = '$post_excerpt', guid = '$guid' WHERE ID = '$post->ID'");
+ $wpdb->update( $wpdb->posts, compact('post_title', 'post_content', 'post_excerpt', 'guid'), array('ID' => $post->ID) );
+
 } }
@@ -445,9 +512,10 @@ function upgrade_130() { $comments = $wpdb->get_results("SELECT comment_ID, comment_author, comment_content FROM $wpdb->comments"); if ($comments) { foreach($comments as $comment) {
- $comment_content = addslashes(deslash($comment->comment_content));
- $comment_author = addslashes(deslash($comment->comment_author));
- $wpdb->query("UPDATE $wpdb->comments SET comment_content = '$comment_content', comment_author = '$comment_author' WHERE comment_ID = '$comment->comment_ID'");
+ $comment_content = deslash($comment->comment_content);
+ $comment_author = deslash($comment->comment_author);
+
+ $wpdb->update($wpdb->comments, compact('comment_content', 'comment_author'), array('comment_ID' => $comment->comment_ID) );
 } }
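Review bot: `compact('post_title', 'post_content', 'post_excerpt', 'guid')` in the post loop of `upgrade_130()` picks up variables assigned above this hunk, and the commit does not touch those assignments. If they still wrap the values in `addslashes(deslash(...))`, as the comment and link loops did before this change, the strings are escaped once there and again inside `$wpdb->update()`, and literal backslashes end up stored in post titles and content. The comment and link hunks drop `addslashes()` for exactly this reason, so the post loop should be made consistent, e.g. `$post_title = deslash($post->post_title);` and likewise for content and excerpt. This assumes `update()` escapes its values itself, which the rest of the commit relies on.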
@@ -455,16 +523,16 @@ function upgrade_130() { $links = $wpdb->get_results("SELECT link_id, link_name, link_description FROM $wpdb->links"); if ($links) { foreach($links as $link) {
- $link_name = addslashes(deslash($link->link_name));
- $link_description = addslashes(deslash($link->link_description));
- $wpdb->query("UPDATE $wpdb->links SET link_name = '$link_name', link_description = '$link_description' WHERE link_id = '$link->link_id'");
+ $link_name = deslash($link->link_name);
+ $link_description = deslash($link->link_description);
+
+ $wpdb->update( $wpdb->links, compact('link_name', 'link_description'), array('link_id' => $link->link_id) );
 } } // The "paged" option for what_to_show is no more.
- if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged') {
- $wpdb->query("UPDATE $wpdb->options SET option_value = 'posts' WHERE option_name = 'what_to_show'");
- }
+ if ($wpdb->get_var("SELECT option_value FROM $wpdb->options WHERE option_name = 'what_to_show'") == 'paged')
+ $wpdb->update( $wpdb->options, array('option_value' => 'posts'), array('option_name' => 'what_to_show') );
 $active_plugins = __get_option('active_plugins');
@@ -539,7 +607,7 @@ function upgrade_160() { if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname; if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname; if (!$idmode) $id = $user->user_nickname;
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->users SET display_name = %s WHERE ID = %d", $id, $user->ID) );
+ $wpdb->update( $wpdb->users, array('display_name' => $id), array('ID' => $user->ID) );
 endif; // FIXME: RESET_CAPS is temporary code to reset roles and caps if flag is set.
@@ -559,21 +627,19 @@ function upgrade_160() { // populate comment_count field of posts table $comments = $wpdb->get_results( "SELECT comment_post_ID, COUNT(*) as c FROM $wpdb->comments WHERE comment_approved = '1' GROUP BY comment_post_ID" );
- if( is_array( $comments ) ) {
- foreach ($comments as $comment) {
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET comment_count = %d WHERE ID = %d", $comment->c, $comment->comment_post_ID) );
- }
- }
+ if( is_array( $comments ) )
+ foreach ($comments as $comment)
+ $wpdb->update( $wpdb->posts, array('comment_count' => $comment->c), array('ID' => $comment->comment_post_ID) );
 // Some alpha versions used a post status of object instead of attachment and put // the mime type in post_type instead of post_mime_type. if ( $wp_current_db_version > 2541 && $wp_current_db_version <= 3091 ) { $objects = $wpdb->get_results("SELECT ID, post_type FROM $wpdb->posts WHERE post_status = 'object'"); foreach ($objects as $object) {
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_status = 'attachment',
- post_mime_type = %s,
- post_type = ''
- WHERE ID = %d", $object->post_type, $object->ID) );
+ $wpdb->update( $wpdb->posts, array( 'post_status' => 'attachment',
+ 'post_mime_type' => $object->post_type,
+ 'post_type' => ''),
+ array( 'ID' => $object->ID ) );
 $meta = get_post_meta($object->ID, 'imagedata', true); if ( ! empty($meta['file']) )
@@ -691,14 +757,14 @@ function upgrade_230() { $have_tags = true; $count = (int) $category->tag_count; $taxonomy = 'post_tag';
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
+ $wpdb->insert( $wpdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count') );
 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } if ( empty($count) ) { $count = 0; $taxonomy = 'category';
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count) );
+ $wpdb->insert( $wpdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count') );
 $tt_ids[$term_id][$taxonomy] = (int) $wpdb->insert_id; } }
@@ -718,7 +784,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue;
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $post_id, $tt_id) );
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => $post_id, 'term_taxonomy_id' => $tt_id) );
 } // < 3570 we used linkcategories. >= 3570 we used categories and link2cat.
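Review bot: The removed `prepare()` calls forced `term_id`, `parent` and `count` through `%d`, whereas the `compact('term_id', 'taxonomy', 'description', 'parent', 'count')` replacement sends whatever those locals hold, and `$term_id`, `$description` and `$parent` are assigned outside this hunk. `compact()` also skips any name that is not set, so a misspelled or unset variable drops that column from the INSERT instead of failing. An explicit array with casts keeps the old guarantee, e.g. `array('term_id' => (int) $term_id, 'taxonomy' => $taxonomy, 'description' => $description, 'parent' => (int) $parent, 'count' => $count)`. The same applies to the `compact()` call for `$wpdb->terms` later in `upgrade_230()` and to those in `wp_insert_term()` and `update_usermeta()`.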
@@ -743,14 +809,14 @@ function upgrade_230() { } if ( empty($term_id) ) {
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->terms (name, slug, term_group) VALUES (%s, %s, %d)", $name, $slug, $term_group) );
+ $wpdb->insert( $wpdb->terms, compact('name', 'slug', 'term_group') );
 $term_id = (int) $wpdb->insert_id; } $link_cat_id_map[$cat_id] = $term_id; $default_link_cat = $term_id;
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_taxonomy (term_id, taxonomy, description, parent, count) VALUES (%d, 'link_category', '', '0', '0')", $term_id) );
+ $wpdb->insert( $wpdb->term_taxonomy, array('term_id' => $term_id, 'taxonomy' => 'link_category', 'description' => '', 'parent' => 0, 'count' => 0) );
 $tt_ids[$term_id] = (int) $wpdb->insert_id; }
@@ -766,7 +832,7 @@ function upgrade_230() { if ( empty($tt_id) ) continue;
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link->link_id, $tt_id) );
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => $link->link_id, 'term_taxonomy_id' => $tt_id) );
 } // Set default to the last category we grabbed during the upgrade loop.
@@ -780,8 +846,7 @@ function upgrade_230() { $tt_id = $tt_ids[$term_id][$taxonomy]; if ( empty($tt_id) ) continue;
-
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->term_relationships (object_id, term_taxonomy_id) VALUES ( %d, %d)", $link_id, $tt_id) );
+ $wpdb->insert( $wpdb->term_relationships, array('object_id' => $link_id, 'term_taxonomy_id' => $tt_id) );
 } }
@@ -797,7 +862,7 @@ function upgrade_230() { $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships, $wpdb->posts WHERE $wpdb->posts.ID = $wpdb->term_relationships.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id) ); else $count = $wpdb->get_var( $wpdb->prepare("SELECT COUNT(*) FROM $wpdb->term_relationships WHERE term_taxonomy_id = %d", $term->term_taxonomy_id) );
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->term_taxonomy SET count = %d WHERE term_taxonomy_id = %d", $count, $term->term_taxonomy_id) );
+ $wpdb->update( $wpdb->term_taxonomy, array('count' => $count), array('term_taxonomy_id' => $term->term_taxonomy_id) );
 } }
diff --git a/wp-includes/comment.php b/wp-includes/comment.php
index fc8cc2e2a2..fa27a62b92 100644
--- a/wp-includes/comment.php
+++ b/wp-includes/comment.php
@@ -1020,19 +1020,20 @@ function wp_new_comment( $commentdata ) { function wp_set_comment_status($comment_id, $comment_status, $wp_error = false) { global $wpdb;
+ $status = '0';
 switch ( $comment_status ) { case 'hold':
- $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='0' WHERE comment_ID = %d LIMIT 1", $comment_id);
+ $status = '0';
 break; case 'approve':
- $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='1' WHERE comment_ID = %d LIMIT 1", $comment_id);
+ $status = '1';
 if ( get_option('comments_notify') ) { $comment = get_comment($comment_id); wp_notify_postauthor($comment_id, $comment->comment_type); } break; case 'spam':
- $query = $wpdb->prepare("UPDATE $wpdb->comments SET comment_approved='spam' WHERE comment_ID = %d LIMIT 1", $comment_id);
+ $status = 'spam';
 break; case 'delete': return wp_delete_comment($comment_id);
@@ -1041,7 +1042,7 @@ function wp_set_comment_status($comment_id, $comment_status, $wp_error = false) return false; }
- if ( !$wpdb->query($query) ) {
+ if ( !$wpdb->update( $wpdb->comments, array('comment_approved' => $status), array('comment_ID' => $comment_id) ) ) {
 if ( $wp_error ) return new WP_Error('db_update_error', __('Could not update comment status'), $wpdb->last_error); else
@@ -1350,7 +1351,7 @@ function do_trackbacks($post_id) { $to_ping = get_to_ping($post_id); $pinged = get_pung($post_id); if ( empty($to_ping) ) {
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET to_ping = '' WHERE ID = %d", $post_id) );
+ $wpdb->update($wpdb->posts, array('to_ping' => ''), array('ID' => $post_id) );
 return; }
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index 76065af0aa..4e2d352a64 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -517,7 +517,8 @@ function update_option( $option_name, $newvalue ) { wp_cache_set( $option_name, $newvalue, 'options' ); }
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->options SET option_value = %s WHERE option_name = %s", $newvalue, $option_name ) );
+ $wpdb->update($wpdb->options, array('option_value' => $newvalue), array('option_name' => $option_name) );
+
 if ( $wpdb->rows_affected == 1 ) { do_action( "update_option_{$option_name}", $oldvalue, $_newvalue ); return true;
@@ -584,7 +585,7 @@ function add_option( $name, $value = '', $deprecated = '', $autoload = 'yes' ) { wp_cache_set( 'notoptions', $notoptions, 'options' ); }
- $wpdb->query( $wpdb->prepare( "INSERT INTO $wpdb->options (option_name, option_value, autoload) VALUES (%s, %s, %s)", $name, $value, $autoload ) );
+ $wpdb->insert($wpdb->options, array('option_name' => $name, 'option_value' => $value, 'autoload' => $autoload) );
 do_action( "add_option_{$name}", $name, $value ); return;
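Review bot: `if ( !$wpdb->update( ... ) )` in `wp_set_comment_status()` treats a return of `0` the same as `false`, so setting a comment to the status it already has (no row changed) is reported as 'Could not update comment status' even though nothing failed. The removed `!$wpdb->query($query)` had the same weakness, so this is not a regression, but the rewrite is the natural place to separate the two cases with a strict test: `if ( false === $wpdb->update( $wpdb->comments, array('comment_approved' => $status), array('comment_ID' => $comment_id) ) ) {`. This assumes `update()` returns the affected-row count on success and `false` on error, as `query()` does; the rest of the function lies outside the hunk.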
@@ -1090,12 +1091,11 @@ function do_enclose( $content, $post_ID ) { if ( $url != '' && !$wpdb->get_var( $wpdb->prepare( "SELECT post_id FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = 'enclosure' AND meta_value LIKE (%s)", $post_ID, $url . '%' ) ) ) { if ( $headers = wp_get_http_headers( $url) ) { $len = (int) $headers['content-length'];
- $type = $wpdb->escape( $headers['content-type'] );
+ $type = $headers['content-type'];
 $allowed_types = array( 'video', 'audio' ); if ( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) { $meta_value = "$url\n$len\n$type\n";
- $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->postmeta` ( `post_id` , `meta_key` , `meta_value` )
- VALUES ( %d, 'enclosure' , %s)", $post_ID, $meta_value ) );
+ $wpdb->insert($wpdb->postmeta, array('post_id' => $post_ID, 'meta_key' => 'enclosure', 'meta_value' => $meta_value) );
 } } }
diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index 1b37193d76..9a56de8807 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1458,8 +1458,8 @@ function wp_set_password( $password, $user_id ) { global $wpdb; $hash = wp_hash_password($password);
- $query = $wpdb->prepare("UPDATE $wpdb->users SET user_pass = %s, user_activation_key = '' WHERE ID = %d", $hash, $user_id);
- $wpdb->query($query);
+ $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
+
 wp_cache_delete($user_id, 'users'); } endif;
diff --git a/wp-includes/post.php b/wp-includes/post.php
index accc3415c8..d93cffc20c 100644
--- a/wp-includes/post.php
+++ b/wp-includes/post.php
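Review bot: With `$wpdb->escape()` removed in `do_enclose()`, `$type` is the remote server's `content-type` header exactly as received, and the only check applied is that the text before the first `/` is `video` or `audio`; everything after it is stored verbatim in the newline-delimited `$meta_value`. That is safe for the INSERT as long as `$wpdb->insert()` escapes its values, but the trust boundary deserves a comment on the assignment, e.g. `// $type comes from the remote host and is stored as received; insert() handles SQL escaping, readers of this meta must escape on output.` If only the media type is needed, trimming header parameters before building `$meta_value` would narrow what a remote host can write into the record. The function continues outside the hunk.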
@@ -424,7 +424,7 @@ function set_post_type( $post_id = 0, $post_type = 'post' ) { global $wpdb; $post_type = sanitize_post_field('post_type', $post_type, $post_id, 'db');
- $return = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_type = %s WHERE ID = %d", $post_type, $post_id) );
+ $return = $wpdb->update($wpdb->posts, array('post_type' => $post_type), array('ID' => $post_id) );
 if ( 'page' == $post_type ) clean_page_cache($post_id);
diff --git a/wp-includes/taxonomy.php b/wp-includes/taxonomy.php
index f1425fe9e0..cbdfea2a85 100644
--- a/wp-includes/taxonomy.php
+++ b/wp-includes/taxonomy.php
@@ -1329,7 +1329,7 @@ function wp_insert_term( $term, $taxonomy, $args = array() ) { } else { // The alias isn't in a group, so let's create a new one and firstly add the alias term to it. $term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
- $wpdb->query( $wpdb->prepare( "UPDATE $wpdb->terms SET term_group = %d WHERE term_id = %d", $term_group, $alias->term_id ) );
+ $wpdb->update($wpdb->terms, compact('term_group'), array('term_id' => $alias->term_id) );
 } }
diff --git a/wp-includes/user.php b/wp-includes/user.php
index 9eef8dc21e..1b8d53abfa 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -399,15 +399,12 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) { } $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
- if ( !$cur ) {
- $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
- VALUES
- ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
- } else if ( $cur->meta_value != $meta_value ) {
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
- } else {
+ if ( !$cur )
+ $wpdb->insert($wpdb->usermeta, compact('user_id', 'meta_key', 'meta_value') );
+ else if ( $cur->meta_value != $meta_value )
+ $wpdb->update($wpdb->usermeta, compact('meta_value'), compact('user_id', 'meta_key') );
+ else
 return false;
- }
 wp_cache_delete($user_id, 'users');
diff --git a/wp-login.php b/wp-login.php
index a61cbeccaf..b912d4e566 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -140,7 +140,7 @@ function retrieve_password() { $key = wp_generate_password(20, false); do_action('retrieve_password_key', $user_login, $key); // Now insert the new md5 key into the db
- $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login));
+ $wpdb->update($wpdb->users, array('user_activation_key' => $key), array('user_login' => $user_login));
 } $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; $message .= get_option('siteurl') . "\r\n\r\n";
diff --git a/xmlrpc.php b/xmlrpc.php
index 80d461c8de..79e0c2446d 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
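Review bot: In the `retrieve_password()` hunk of wp-login.php, the comment kept above the changed line says "insert the new md5 key", but `$key` is the raw output of `wp_generate_password(20, false)` and the new `update()` stores it unchanged in `user_activation_key`. Anyone who can read the users table can therefore read a valid reset key, and the comment hides that from a reader. The comment should at least be corrected, e.g. `// Store the reset key for this login (stored as generated, not hashed).` Storing only a hash of the key would be the stronger fix, though it also needs a change to the code that checks the key, which is outside this hunk.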
@@ -2273,7 +2273,7 @@ class wp_xmlrpc_server extends IXR_Server { if( is_array( $attachments ) ) { foreach( $attachments as $file ) { if( strpos( $post_content, $file->guid ) !== false ) {
- $wpdb->query( $wpdb->prepare("UPDATE {$wpdb->posts} SET post_parent = %d WHERE ID = %d", $post_ID, $file->ID) );
+ $wpdb->update($wpdb->posts, array('post_parent' => $post_ID), array('ID' => $file->ID) );
 } } }