Diffstat (limited to 'wp-includes/wp-db.php')
-rw-r--r-- | wp-includes/wp-db.php | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index d829cd5..a3fa04e 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -34,6 +34,10 @@ class wpdb {
 var $optiongroups;
 var $optiongroup_options;
 var $postmeta;
+ var $usermeta;
+ var $terms;
+ var $term_taxonomy;
+ var $term_relationships;
 var $charset;
 var $collate;
@@ -81,7 +85,7 @@ class wpdb {
 }
 function __destruct() {
- return true;
+ return true;
 }
 /**
@@ -115,6 +119,29 @@ class wpdb {
 return mysql_real_escape_string( $string, $this->dbh );
 }
+ /**
+ * Escapes content by reference for insertion into the database, for security
+ * @param string $s
+ */
+ function escape_by_ref(&$s) {
+ $s = $this->escape($s);
+ }
+
+ /**
+ * Prepares a SQL query for safe use, using sprintf() syntax
+ */
+ function prepare($args=NULL) {
+ if ( NULL === $args )
+ return;
+ $args = func_get_args();
+ $query = array_shift($args);
+ $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
+ $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
+ $query = str_replace('%s', "'%s'", $query); // quote the strings
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @vsprintf($query, $args);
+ }
+
 // ==================================================================
 // Print SQL/DB error.
@@ -323,7 +350,9 @@ class wpdb {
 $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
 if ( $query )
 $this->query($query);
-
+ else
+ return null;
+
 if ( !isset($this->last_result[$y]) )
 return null;
@@ -348,6 +377,7 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ $new_array = array();
 // Extract the column values
 for ( $i=0; $i < count($this->last_result); $i++ ) {
 $new_array[$i] = $this->get_var(null, $x, $i);
@@ -366,6 +396,8 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ else
+ return null;
 // Send back array of objects. Each row is an object
 if ( $output == OBJECT ) {
 |
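Review bot: In `prepare()`, only the exact sequence `%s` is wrapped in quotes by the three `str_replace()` calls, so any other string specifier that `vsprintf()` accepts (for example a positional form such as `%1$s`) would receive an escaped but unquoted value, and `escape()` only protects data that ends up inside a quoted literal. The docblock should state that `%s` and `%d` are the only supported placeholders and that a literal percent sign in the query must be written `%%`; ideally the method refuses a format string containing any other specifier. The `@` on `return @vsprintf($query, $args);` also hides a placeholder/argument count mismatch, in which case (on the PHP versions this code appears to target) the caller gets `false` with no diagnostic. Dropping the `@`, or checking the result before it is handed to `query()`, would surface that. Separately, `if ( NULL === $args ) return;` makes the method return null rather than a string, which the doc comment should mention.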
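Review bot: The added `else return null;` in the get_row() hunk (new line 350 onward) means a call with an empty `$query` no longer reads row `$y` from the cached `$this->last_result`, while the following hunk still shows a loop over `$this->last_result` that relies on `get_var(null, $x, $i)` working without a query. If dropping the cached-result path here is intentional, it should be recorded next to the branch, e.g. `// NOTE: returns null when $query is empty; does not fall back to $this->last_result`. The same two lines are added in the last hunk (new line 396 onward) and deserve the same comment. Both functions begin outside their hunks, so whether existing callers pass an empty query cannot be confirmed from this diff.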