author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-12 16:21:15 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-12 16:21:15 +0000 |
commit | 3a4570b0fc8b3d6339bef71d17d7701554e0bbf7 (patch) | |
tree | 2a06e5261263c68d8afd95a6328879dc289cb909 /wp-includes/wp-db.php | |
parent | b83c34a7010faee0223f6037025c350da12e05e6 (diff) | |
Merge with WP 2.3 - testing use only!
Move pluggable functions out of wpmu-functions and into pluggable.php, fixes #439
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1069 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-includes/wp-db.php')
-rw-r--r-- | wp-includes/wp-db.php | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index d829cd5..a3fa04e 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -34,6 +34,10 @@ class wpdb {
 var $optiongroups;
 var $optiongroup_options;
 var $postmeta;
+ var $usermeta;
+ var $terms;
+ var $term_taxonomy;
+ var $term_relationships;
 var $charset;
 var $collate;
@@ -81,7 +85,7 @@ class wpdb {
 }
 function __destruct() {
- return true;
+ return true;
 }
 /**
@@ -115,6 +119,29 @@ class wpdb {
 return mysql_real_escape_string( $string, $this->dbh );
 }
+ /**
+ * Escapes content by reference for insertion into the database, for security
+ * @param string $s
+ */
+ function escape_by_ref(&$s) {
+ $s = $this->escape($s);
+ }
+
+ /**
+ * Prepares a SQL query for safe use, using sprintf() syntax
+ */
+ function prepare($args=NULL) {
+ if ( NULL === $args )
+ return;
+ $args = func_get_args();
+ $query = array_shift($args);
+ $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
+ $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
+ $query = str_replace('%s', "'%s'", $query); // quote the strings
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @vsprintf($query, $args);
+ }
+
 // ==================================================================
 // Print SQL/DB error.
@@ -323,7 +350,9 @@ class wpdb {
 $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
 if ( $query )
 $this->query($query);
-
+ else
+ return null;
+
 if ( !isset($this->last_result[$y]) )
 return null;
@@ -348,6 +377,7 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ $new_array = array();
 // Extract the column values
 for ( $i=0; $i < count($this->last_result); $i++ ) {
 $new_array[$i] = $this->get_var(null, $x, $i);
@@ -366,6 +396,8 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ else
+ return null;
 // Send back array of objects. Each row is an object
 if ( $output == OBJECT ) { |
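Review bot: In `prepare()` only a bare `%s` is wrapped in quotes by the three `str_replace` calls, so a value bound through any other string conversion that `vsprintf` accepts (a positional or padded form, for instance) is escaped but left unquoted, and escaping alone does not make a value safe outside a quoted SQL string. The docblock should state the contract rather than just "sprintf() syntax", for example `Only %d and %s placeholders are supported; %s is quoted automatically; a literal percent sign must be written as %%`. The `@` on `return @vsprintf($query, $args);` also hides a mismatch between placeholders and arguments, so a malformed call can hand a non-string result to the caller with no diagnostic; I would drop the `@` or check the result before returning it. The bare `return;` for a missing query yields null, which is worth documenting as well.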
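Review bot: The added `else return null;` in the `-323,7 +350,9` hunk, and the identical addition in the final `-366,6 +396,8` hunk, changes what a call without a query does. Previously execution fell through to `$this->last_result`, so a null query read from the result set of the previous query; now it returns null. The `-348,6 +377,7` hunk still calls `$this->get_var(null, $x, $i)`, which suggests the null-query convention remains in use elsewhere in the class, so these methods would no longer agree with it. If the change is intended, a comment on each branch such as `// No query given: do not fall back to the previous result set` would make that explicit. Both enclosing functions start and end outside their hunks, and only the first one's name is visible, through the `func_call` string.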