From 3a4570b0fc8b3d6339bef71d17d7701554e0bbf7 Mon Sep 17 00:00:00 2001
From: donncha
Date: Fri, 12 Oct 2007 16:21:15 +0000
Subject: Merge with WP 2.3 - testing use only! Move pluggable functions out of wpmu-functions and into pluggable.php, fixes #439
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1069 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-includes/wp-db.php | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)
(limited to 'wp-includes/wp-db.php')
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index d829cd5..a3fa04e 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -34,6 +34,10 @@ class wpdb {
 var $optiongroups;
 var $optiongroup_options;
 var $postmeta;
+ var $usermeta;
+ var $terms;
+ var $term_taxonomy;
+ var $term_relationships;
 var $charset;
 var $collate;
@@ -81,7 +85,7 @@ class wpdb {
 }
 function __destruct() {
- return true;
+ return true;
 }
 /**
@@ -115,6 +119,29 @@ class wpdb {
 return mysql_real_escape_string( $string, $this->dbh );
 }
+ /**
+ * Escapes content by reference for insertion into the database, for security
+ * @param string $s
+ */
+ function escape_by_ref(&$s) {
+ $s = $this->escape($s);
+ }
+
+ /**
+ * Prepares a SQL query for safe use, using sprintf() syntax
+ */
+ function prepare($args=NULL) {
+ if ( NULL === $args )
+ return;
+ $args = func_get_args();
+ $query = array_shift($args);
+ $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
+ $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
+ $query = str_replace('%s', "'%s'", $query); // quote the strings
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @vsprintf($query, $args);
+ }
+
 // ==================================================================
 // Print SQL/DB error.
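Review bot: In `prepare()` only the bare `%s` placeholder is wrapped in quotes, so a value bound to any other string conversion that `vsprintf()` accepts is escaped but lands unquoted in the statement, and escaping without quoting does not make a value safe. The docblock should state which placeholders are supported, that a literal `%` in the query (for example in a LIKE pattern) has to be written `%%`, and that table or column names cannot be passed as arguments. The `@` on `vsprintf()` also hides an argument-count mismatch: on PHP versions where that call warns rather than throws, it returns false and the false value goes back to the caller as if it were SQL, so I would drop the `@` and add `if ( false === $sql ) return;` before returning the result. `escape()` starts above this hunk, so only its last line is visible here.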
@@ -323,7 +350,9 @@ class wpdb {
 $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
 if ( $query )
 $this->query($query);
-
+ else
+ return null;
+
 if ( !isset($this->last_result[$y]) )
 return null;
@@ -348,6 +377,7 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ $new_array = array();
 // Extract the column values
 for ( $i=0; $i < count($this->last_result); $i++ ) {
 $new_array[$i] = $this->get_var(null, $x, $i);
@@ -366,6 +396,8 @@ class wpdb {
 if ( $query )
 $this->query($query);
+ else
+ return null;
 // Send back array of objects. Each row is an object
 if ( $output == OBJECT ) {
-- cgit
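Review bot: The new `else return null;` in `get_row()` makes a call with an empty `$query` return before the cached `$this->last_result` is read, and the same branch is added in the last hunk (-366,6 +396,8). The column hunk between them still calls `$this->get_var(null, $x, $i)` to read cached rows, so if any caller uses `get_row(null, $output, $y)` or the results method in the same way, it now silently gets null. Please confirm that is intended and say so in the code, e.g. `// No query given: return null instead of reusing the previous result set.` The unbraced `if`/`else` with its body on the following line is also easy to misread once another statement is added, so braces would help. Both functions begin and end outside their hunks.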