bbPress.org


Timestamp:
12/28/2016 04:24:52 AM
Author:
johnjamesjacoby
Message:

Audit direct query and prepare() usages, and more tightly adhere to best practices.

  • No quotes around directives
  • Avoid concatenation, prefer variable parsing in double-quoted strings
  • Covers converters, helper functions, and tools
File:
1 edited

  • trunk/src/includes/admin/converters/e107v1.php

    r5951 r6191  
    577577        if ( ! isset( $this->map_userid[ $field ] ) ) {
    578578            if ( ! empty( $this->sync_table ) ) {
    579                 $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT value_id, meta_value FROM ' . $this->sync_table_name . ' WHERE meta_key = "_bbp_old_user_id" AND meta_value = "%s" LIMIT 1', $field ) );
     579                $row = $this->wpdb->get_row( $this->wpdb->prepare( "SELECT value_id, meta_value FROM {$this->sync_table_name} WHERE meta_key = %s AND meta_value = %s LIMIT 1", '_bbp_old_user_id', $field ) );
    580580            } else {
    581                 $row = $this->wpdb->get_row( $this->wpdb->prepare( 'SELECT user_id AS value_id FROM ' . $this->wpdb->usermeta . ' WHERE meta_key = "_bbp_old_user_id" AND meta_value = "%s" LIMIT 1', $field ) );
     581                $row = $this->wpdb->get_row( $this->wpdb->prepare( "SELECT user_id AS value_id FROM {$this->wpdb->usermeta} WHERE meta_key = %s AND meta_value = %s LIMIT 1", '_bbp_old_user_id', $field ) );
    582582            }
    583583
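Review bot: The table names `{$this->sync_table_name}` and `{$this->wpdb->usermeta}` in the two replacement lines are still interpolated straight into the query string; `prepare()` binds only values, not identifiers, so the safety of both statements rests on those properties never carrying untrusted input. A short comment at the point where `sync_table_name` is assigned (or a whitelist check there) would keep the next reader from mistaking the brace interpolation for a bound parameter. Dropping the quotes around `%s` is the right fix, since `prepare()` supplies its own quoting for string placeholders; binding the constant `'_bbp_old_user_id'` as a parameter instead of leaving it as a literal is unnecessary but harmless.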