Edit File by line

Deprecated: str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /home/sportsfever/public_html/filemanger/function.php on line 93

Warning: Undefined array key "page_file_edit_line" in /home/sportsfever/public_html/filemanger/edit_text_line.php on line 32
/home/sportsfe.../public_h.../wp-inclu...
File: class-wpdb.php
if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) {
[1000] Fix | Delete
return new WP_Error( 'invalid_db_prefix', 'Invalid database prefix' );
[1001] Fix | Delete
}
[1002] Fix | Delete
[1003] Fix | Delete
$old_prefix = is_multisite() ? '' : $prefix;
[1004] Fix | Delete
[1005] Fix | Delete
if ( isset( $this->base_prefix ) ) {
[1006] Fix | Delete
$old_prefix = $this->base_prefix;
[1007] Fix | Delete
}
[1008] Fix | Delete
[1009] Fix | Delete
$this->base_prefix = $prefix;
[1010] Fix | Delete
[1011] Fix | Delete
if ( $set_table_names ) {
[1012] Fix | Delete
foreach ( $this->tables( 'global' ) as $table => $prefixed_table ) {
[1013] Fix | Delete
$this->$table = $prefixed_table;
[1014] Fix | Delete
}
[1015] Fix | Delete
[1016] Fix | Delete
if ( is_multisite() && empty( $this->blogid ) ) {
[1017] Fix | Delete
return $old_prefix;
[1018] Fix | Delete
}
[1019] Fix | Delete
[1020] Fix | Delete
$this->prefix = $this->get_blog_prefix();
[1021] Fix | Delete
[1022] Fix | Delete
foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) {
[1023] Fix | Delete
$this->$table = $prefixed_table;
[1024] Fix | Delete
}
[1025] Fix | Delete
[1026] Fix | Delete
foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) {
[1027] Fix | Delete
$this->$table = $prefixed_table;
[1028] Fix | Delete
}
[1029] Fix | Delete
}
[1030] Fix | Delete
return $old_prefix;
[1031] Fix | Delete
}
[1032] Fix | Delete
[1033] Fix | Delete
/**
[1034] Fix | Delete
* Sets blog ID.
[1035] Fix | Delete
*
[1036] Fix | Delete
* @since 3.0.0
[1037] Fix | Delete
*
[1038] Fix | Delete
* @param int $blog_id
[1039] Fix | Delete
* @param int $network_id Optional. Network ID. Default 0.
[1040] Fix | Delete
* @return int Previous blog ID.
[1041] Fix | Delete
*/
[1042] Fix | Delete
public function set_blog_id( $blog_id, $network_id = 0 ) {
[1043] Fix | Delete
if ( ! empty( $network_id ) ) {
[1044] Fix | Delete
$this->siteid = $network_id;
[1045] Fix | Delete
}
[1046] Fix | Delete
[1047] Fix | Delete
$old_blog_id = $this->blogid;
[1048] Fix | Delete
$this->blogid = $blog_id;
[1049] Fix | Delete
[1050] Fix | Delete
$this->prefix = $this->get_blog_prefix();
[1051] Fix | Delete
[1052] Fix | Delete
foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) {
[1053] Fix | Delete
$this->$table = $prefixed_table;
[1054] Fix | Delete
}
[1055] Fix | Delete
[1056] Fix | Delete
foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) {
[1057] Fix | Delete
$this->$table = $prefixed_table;
[1058] Fix | Delete
}
[1059] Fix | Delete
[1060] Fix | Delete
return $old_blog_id;
[1061] Fix | Delete
}
[1062] Fix | Delete
[1063] Fix | Delete
/**
[1064] Fix | Delete
* Gets blog prefix.
[1065] Fix | Delete
*
[1066] Fix | Delete
* @since 3.0.0
[1067] Fix | Delete
*
[1068] Fix | Delete
* @param int $blog_id Optional. Blog ID to retrieve the table prefix for.
[1069] Fix | Delete
* Defaults to the current blog ID.
[1070] Fix | Delete
* @return string Blog prefix.
[1071] Fix | Delete
*/
[1072] Fix | Delete
public function get_blog_prefix( $blog_id = null ) {
[1073] Fix | Delete
if ( is_multisite() ) {
[1074] Fix | Delete
if ( null === $blog_id ) {
[1075] Fix | Delete
$blog_id = $this->blogid;
[1076] Fix | Delete
}
[1077] Fix | Delete
[1078] Fix | Delete
$blog_id = (int) $blog_id;
[1079] Fix | Delete
[1080] Fix | Delete
if ( defined( 'MULTISITE' ) && ( 0 === $blog_id || 1 === $blog_id ) ) {
[1081] Fix | Delete
return $this->base_prefix;
[1082] Fix | Delete
} else {
[1083] Fix | Delete
return $this->base_prefix . $blog_id . '_';
[1084] Fix | Delete
}
[1085] Fix | Delete
} else {
[1086] Fix | Delete
return $this->base_prefix;
[1087] Fix | Delete
}
[1088] Fix | Delete
}
[1089] Fix | Delete
[1090] Fix | Delete
/**
[1091] Fix | Delete
* Returns an array of WordPress tables.
[1092] Fix | Delete
*
[1093] Fix | Delete
* Also allows for the `CUSTOM_USER_TABLE` and `CUSTOM_USER_META_TABLE` to override the WordPress users
[1094] Fix | Delete
* and usermeta tables that would otherwise be determined by the prefix.
[1095] Fix | Delete
*
[1096] Fix | Delete
* The `$scope` argument can take one of the following:
[1097] Fix | Delete
*
[1098] Fix | Delete
* - 'all' - returns 'all' and 'global' tables. No old tables are returned.
[1099] Fix | Delete
* - 'blog' - returns the blog-level tables for the queried blog.
[1100] Fix | Delete
* - 'global' - returns the global tables for the installation, returning multisite tables only on multisite.
[1101] Fix | Delete
* - 'ms_global' - returns the multisite global tables, regardless if current installation is multisite.
[1102] Fix | Delete
* - 'old' - returns tables which are deprecated.
[1103] Fix | Delete
*
[1104] Fix | Delete
* @since 3.0.0
[1105] Fix | Delete
* @since 6.1.0 `old` now includes deprecated multisite global tables only on multisite.
[1106] Fix | Delete
*
[1107] Fix | Delete
* @uses wpdb::$tables
[1108] Fix | Delete
* @uses wpdb::$old_tables
[1109] Fix | Delete
* @uses wpdb::$global_tables
[1110] Fix | Delete
* @uses wpdb::$ms_global_tables
[1111] Fix | Delete
* @uses wpdb::$old_ms_global_tables
[1112] Fix | Delete
*
[1113] Fix | Delete
* @param string $scope Optional. Possible values include 'all', 'global', 'ms_global', 'blog',
[1114] Fix | Delete
* or 'old' tables. Default 'all'.
[1115] Fix | Delete
* @param bool $prefix Optional. Whether to include table prefixes. If blog prefix is requested,
[1116] Fix | Delete
* then the custom users and usermeta tables will be mapped. Default true.
[1117] Fix | Delete
* @param int $blog_id Optional. The blog_id to prefix. Used only when prefix is requested.
[1118] Fix | Delete
* Defaults to `wpdb::$blogid`.
[1119] Fix | Delete
* @return string[] Table names. When a prefix is requested, the key is the unprefixed table name.
[1120] Fix | Delete
*/
[1121] Fix | Delete
public function tables( $scope = 'all', $prefix = true, $blog_id = 0 ) {
[1122] Fix | Delete
switch ( $scope ) {
[1123] Fix | Delete
case 'all':
[1124] Fix | Delete
$tables = array_merge( $this->global_tables, $this->tables );
[1125] Fix | Delete
if ( is_multisite() ) {
[1126] Fix | Delete
$tables = array_merge( $tables, $this->ms_global_tables );
[1127] Fix | Delete
}
[1128] Fix | Delete
break;
[1129] Fix | Delete
case 'blog':
[1130] Fix | Delete
$tables = $this->tables;
[1131] Fix | Delete
break;
[1132] Fix | Delete
case 'global':
[1133] Fix | Delete
$tables = $this->global_tables;
[1134] Fix | Delete
if ( is_multisite() ) {
[1135] Fix | Delete
$tables = array_merge( $tables, $this->ms_global_tables );
[1136] Fix | Delete
}
[1137] Fix | Delete
break;
[1138] Fix | Delete
case 'ms_global':
[1139] Fix | Delete
$tables = $this->ms_global_tables;
[1140] Fix | Delete
break;
[1141] Fix | Delete
case 'old':
[1142] Fix | Delete
$tables = $this->old_tables;
[1143] Fix | Delete
if ( is_multisite() ) {
[1144] Fix | Delete
$tables = array_merge( $tables, $this->old_ms_global_tables );
[1145] Fix | Delete
}
[1146] Fix | Delete
break;
[1147] Fix | Delete
default:
[1148] Fix | Delete
return array();
[1149] Fix | Delete
}
[1150] Fix | Delete
[1151] Fix | Delete
if ( $prefix ) {
[1152] Fix | Delete
if ( ! $blog_id ) {
[1153] Fix | Delete
$blog_id = $this->blogid;
[1154] Fix | Delete
}
[1155] Fix | Delete
$blog_prefix = $this->get_blog_prefix( $blog_id );
[1156] Fix | Delete
$base_prefix = $this->base_prefix;
[1157] Fix | Delete
$global_tables = array_merge( $this->global_tables, $this->ms_global_tables );
[1158] Fix | Delete
foreach ( $tables as $k => $table ) {
[1159] Fix | Delete
if ( in_array( $table, $global_tables, true ) ) {
[1160] Fix | Delete
$tables[ $table ] = $base_prefix . $table;
[1161] Fix | Delete
} else {
[1162] Fix | Delete
$tables[ $table ] = $blog_prefix . $table;
[1163] Fix | Delete
}
[1164] Fix | Delete
unset( $tables[ $k ] );
[1165] Fix | Delete
}
[1166] Fix | Delete
[1167] Fix | Delete
if ( isset( $tables['users'] ) && defined( 'CUSTOM_USER_TABLE' ) ) {
[1168] Fix | Delete
$tables['users'] = CUSTOM_USER_TABLE;
[1169] Fix | Delete
}
[1170] Fix | Delete
[1171] Fix | Delete
if ( isset( $tables['usermeta'] ) && defined( 'CUSTOM_USER_META_TABLE' ) ) {
[1172] Fix | Delete
$tables['usermeta'] = CUSTOM_USER_META_TABLE;
[1173] Fix | Delete
}
[1174] Fix | Delete
}
[1175] Fix | Delete
[1176] Fix | Delete
return $tables;
[1177] Fix | Delete
}
[1178] Fix | Delete
[1179] Fix | Delete
/**
[1180] Fix | Delete
* Selects a database using the current or provided database connection.
[1181] Fix | Delete
*
[1182] Fix | Delete
* The database name will be changed based on the current database connection.
[1183] Fix | Delete
* On failure, the execution will bail and display a DB error.
[1184] Fix | Delete
*
[1185] Fix | Delete
* @since 0.71
[1186] Fix | Delete
*
[1187] Fix | Delete
* @param string $db Database name.
[1188] Fix | Delete
* @param mysqli $dbh Optional. Database connection.
[1189] Fix | Delete
* Defaults to the current database handle.
[1190] Fix | Delete
*/
[1191] Fix | Delete
public function select( $db, $dbh = null ) {
[1192] Fix | Delete
if ( is_null( $dbh ) ) {
[1193] Fix | Delete
$dbh = $this->dbh;
[1194] Fix | Delete
}
[1195] Fix | Delete
[1196] Fix | Delete
$success = mysqli_select_db( $dbh, $db );
[1197] Fix | Delete
[1198] Fix | Delete
if ( ! $success ) {
[1199] Fix | Delete
$this->ready = false;
[1200] Fix | Delete
if ( ! did_action( 'template_redirect' ) ) {
[1201] Fix | Delete
wp_load_translations_early();
[1202] Fix | Delete
[1203] Fix | Delete
$message = '<h1>' . __( 'Cannot select database' ) . "</h1>\n";
[1204] Fix | Delete
[1205] Fix | Delete
$message .= '<p>' . sprintf(
[1206] Fix | Delete
/* translators: %s: Database name. */
[1207] Fix | Delete
__( 'The database server could be connected to (which means your username and password is okay) but the %s database could not be selected.' ),
[1208] Fix | Delete
'<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>'
[1209] Fix | Delete
) . "</p>\n";
[1210] Fix | Delete
[1211] Fix | Delete
$message .= "<ul>\n";
[1212] Fix | Delete
$message .= '<li>' . __( 'Are you sure it exists?' ) . "</li>\n";
[1213] Fix | Delete
[1214] Fix | Delete
$message .= '<li>' . sprintf(
[1215] Fix | Delete
/* translators: 1: Database user, 2: Database name. */
[1216] Fix | Delete
__( 'Does the user %1$s have permission to use the %2$s database?' ),
[1217] Fix | Delete
'<code>' . htmlspecialchars( $this->dbuser, ENT_QUOTES ) . '</code>',
[1218] Fix | Delete
'<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>'
[1219] Fix | Delete
) . "</li>\n";
[1220] Fix | Delete
[1221] Fix | Delete
$message .= '<li>' . sprintf(
[1222] Fix | Delete
/* translators: %s: Database name. */
[1223] Fix | Delete
__( 'On some systems the name of your database is prefixed with your username, so it would be like <code>username_%1$s</code>. Could that be the problem?' ),
[1224] Fix | Delete
htmlspecialchars( $db, ENT_QUOTES )
[1225] Fix | Delete
) . "</li>\n";
[1226] Fix | Delete
[1227] Fix | Delete
$message .= "</ul>\n";
[1228] Fix | Delete
[1229] Fix | Delete
$message .= '<p>' . sprintf(
[1230] Fix | Delete
/* translators: %s: Support forums URL. */
[1231] Fix | Delete
__( 'If you do not know how to set up a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href="%s">WordPress support forums</a>.' ),
[1232] Fix | Delete
__( 'https://wordpress.org/support/forums/' )
[1233] Fix | Delete
) . "</p>\n";
[1234] Fix | Delete
[1235] Fix | Delete
$this->bail( $message, 'db_select_fail' );
[1236] Fix | Delete
}
[1237] Fix | Delete
}
[1238] Fix | Delete
}
[1239] Fix | Delete
[1240] Fix | Delete
/**
[1241] Fix | Delete
* Do not use, deprecated.
[1242] Fix | Delete
*
[1243] Fix | Delete
* Use esc_sql() or wpdb::prepare() instead.
[1244] Fix | Delete
*
[1245] Fix | Delete
* @since 2.8.0
[1246] Fix | Delete
* @deprecated 3.6.0 Use wpdb::prepare()
[1247] Fix | Delete
* @see wpdb::prepare()
[1248] Fix | Delete
* @see esc_sql()
[1249] Fix | Delete
*
[1250] Fix | Delete
* @param string $data
[1251] Fix | Delete
* @return string
[1252] Fix | Delete
*/
[1253] Fix | Delete
public function _weak_escape( $data ) {
[1254] Fix | Delete
if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) {
[1255] Fix | Delete
_deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' );
[1256] Fix | Delete
}
[1257] Fix | Delete
return addslashes( $data );
[1258] Fix | Delete
}
[1259] Fix | Delete
[1260] Fix | Delete
/**
[1261] Fix | Delete
* Real escape using mysqli_real_escape_string().
[1262] Fix | Delete
*
[1263] Fix | Delete
* @since 2.8.0
[1264] Fix | Delete
*
[1265] Fix | Delete
* @see mysqli_real_escape_string()
[1266] Fix | Delete
*
[1267] Fix | Delete
* @param string $data String to escape.
[1268] Fix | Delete
* @return string Escaped string.
[1269] Fix | Delete
*/
[1270] Fix | Delete
public function _real_escape( $data ) {
[1271] Fix | Delete
if ( ! is_scalar( $data ) ) {
[1272] Fix | Delete
return '';
[1273] Fix | Delete
}
[1274] Fix | Delete
[1275] Fix | Delete
if ( $this->dbh ) {
[1276] Fix | Delete
$escaped = mysqli_real_escape_string( $this->dbh, $data );
[1277] Fix | Delete
} else {
[1278] Fix | Delete
$class = get_class( $this );
[1279] Fix | Delete
[1280] Fix | Delete
wp_load_translations_early();
[1281] Fix | Delete
/* translators: %s: Database access abstraction class, usually wpdb or a class extending wpdb. */
[1282] Fix | Delete
_doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' );
[1283] Fix | Delete
[1284] Fix | Delete
$escaped = addslashes( $data );
[1285] Fix | Delete
}
[1286] Fix | Delete
[1287] Fix | Delete
return $this->add_placeholder_escape( $escaped );
[1288] Fix | Delete
}
[1289] Fix | Delete
[1290] Fix | Delete
/**
[1291] Fix | Delete
* Escapes data. Works on arrays.
[1292] Fix | Delete
*
[1293] Fix | Delete
* @since 2.8.0
[1294] Fix | Delete
*
[1295] Fix | Delete
* @uses wpdb::_real_escape()
[1296] Fix | Delete
*
[1297] Fix | Delete
* @param string|array $data Data to escape.
[1298] Fix | Delete
* @return string|array Escaped data, in the same type as supplied.
[1299] Fix | Delete
*/
[1300] Fix | Delete
public function _escape( $data ) {
[1301] Fix | Delete
if ( is_array( $data ) ) {
[1302] Fix | Delete
foreach ( $data as $k => $v ) {
[1303] Fix | Delete
if ( is_array( $v ) ) {
[1304] Fix | Delete
$data[ $k ] = $this->_escape( $v );
[1305] Fix | Delete
} else {
[1306] Fix | Delete
$data[ $k ] = $this->_real_escape( $v );
[1307] Fix | Delete
}
[1308] Fix | Delete
}
[1309] Fix | Delete
} else {
[1310] Fix | Delete
$data = $this->_real_escape( $data );
[1311] Fix | Delete
}
[1312] Fix | Delete
[1313] Fix | Delete
return $data;
[1314] Fix | Delete
}
[1315] Fix | Delete
[1316] Fix | Delete
/**
[1317] Fix | Delete
* Do not use, deprecated.
[1318] Fix | Delete
*
[1319] Fix | Delete
* Use esc_sql() or wpdb::prepare() instead.
[1320] Fix | Delete
*
[1321] Fix | Delete
* @since 0.71
[1322] Fix | Delete
* @deprecated 3.6.0 Use wpdb::prepare()
[1323] Fix | Delete
* @see wpdb::prepare()
[1324] Fix | Delete
* @see esc_sql()
[1325] Fix | Delete
*
[1326] Fix | Delete
* @param string|array $data Data to escape.
[1327] Fix | Delete
* @return string|array Escaped data, in the same type as supplied.
[1328] Fix | Delete
*/
[1329] Fix | Delete
public function escape( $data ) {
[1330] Fix | Delete
if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) {
[1331] Fix | Delete
_deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' );
[1332] Fix | Delete
}
[1333] Fix | Delete
if ( is_array( $data ) ) {
[1334] Fix | Delete
foreach ( $data as $k => $v ) {
[1335] Fix | Delete
if ( is_array( $v ) ) {
[1336] Fix | Delete
$data[ $k ] = $this->escape( $v, 'recursive' );
[1337] Fix | Delete
} else {
[1338] Fix | Delete
$data[ $k ] = $this->_weak_escape( $v, 'internal' );
[1339] Fix | Delete
}
[1340] Fix | Delete
}
[1341] Fix | Delete
} else {
[1342] Fix | Delete
$data = $this->_weak_escape( $data, 'internal' );
[1343] Fix | Delete
}
[1344] Fix | Delete
[1345] Fix | Delete
return $data;
[1346] Fix | Delete
}
[1347] Fix | Delete
[1348] Fix | Delete
/**
[1349] Fix | Delete
* Escapes content by reference for insertion into the database, for security.
[1350] Fix | Delete
*
[1351] Fix | Delete
* @uses wpdb::_real_escape()
[1352] Fix | Delete
*
[1353] Fix | Delete
* @since 2.3.0
[1354] Fix | Delete
*
[1355] Fix | Delete
* @param string $data String to escape.
[1356] Fix | Delete
*/
[1357] Fix | Delete
public function escape_by_ref( &$data ) {
[1358] Fix | Delete
if ( ! is_float( $data ) ) {
[1359] Fix | Delete
$data = $this->_real_escape( $data );
[1360] Fix | Delete
}
[1361] Fix | Delete
}
[1362] Fix | Delete
[1363] Fix | Delete
/**
[1364] Fix | Delete
* Quotes an identifier for a MySQL database, e.g. table/field names.
[1365] Fix | Delete
*
[1366] Fix | Delete
* @since 6.2.0
[1367] Fix | Delete
*
[1368] Fix | Delete
* @param string $identifier Identifier to escape.
[1369] Fix | Delete
* @return string Escaped identifier.
[1370] Fix | Delete
*/
[1371] Fix | Delete
public function quote_identifier( $identifier ) {
[1372] Fix | Delete
return '`' . $this->_escape_identifier_value( $identifier ) . '`';
[1373] Fix | Delete
}
[1374] Fix | Delete
[1375] Fix | Delete
/**
[1376] Fix | Delete
* Escapes an identifier value without adding the surrounding quotes.
[1377] Fix | Delete
*
[1378] Fix | Delete
* - Permitted characters in quoted identifiers include the full Unicode
[1379] Fix | Delete
* Basic Multilingual Plane (BMP), except U+0000.
[1380] Fix | Delete
* - To quote the identifier itself, you need to double the character, e.g. `a``b`.
[1381] Fix | Delete
*
[1382] Fix | Delete
* @since 6.2.0
[1383] Fix | Delete
*
[1384] Fix | Delete
* @link https://dev.mysql.com/doc/refman/8.0/en/identifiers.html
[1385] Fix | Delete
*
[1386] Fix | Delete
* @param string $identifier Identifier to escape.
[1387] Fix | Delete
* @return string Escaped identifier.
[1388] Fix | Delete
*/
[1389] Fix | Delete
private function _escape_identifier_value( $identifier ) {
[1390] Fix | Delete
return str_replace( '`', '``', $identifier );
[1391] Fix | Delete
}
[1392] Fix | Delete
[1393] Fix | Delete
/**
[1394] Fix | Delete
* Prepares a SQL query for safe execution.
[1395] Fix | Delete
*
[1396] Fix | Delete
* Uses `sprintf()`-like syntax. The following placeholders can be used in the query string:
[1397] Fix | Delete
*
[1398] Fix | Delete
* - `%d` (integer)
[1399] Fix | Delete
* - `%f` (float)
[1400] Fix | Delete
* - `%s` (string)
[1401] Fix | Delete
* - `%i` (identifier, e.g. table/field names)
[1402] Fix | Delete
*
[1403] Fix | Delete
* All placeholders MUST be left unquoted in the query string. A corresponding argument
[1404] Fix | Delete
* MUST be passed for each placeholder.
[1405] Fix | Delete
*
[1406] Fix | Delete
* Note: There is one exception to the above: for compatibility with old behavior,
[1407] Fix | Delete
* numbered or formatted string placeholders (eg, `%1$s`, `%5s`) will not have quotes
[1408] Fix | Delete
* added by this function, so should be passed with appropriate quotes around them.
[1409] Fix | Delete
*
[1410] Fix | Delete
* Literal percentage signs (`%`) in the query string must be written as `%%`. Percentage wildcards
[1411] Fix | Delete
* (for example, to use in LIKE syntax) must be passed via a substitution argument containing
[1412] Fix | Delete
* the complete LIKE string, these cannot be inserted directly in the query string.
[1413] Fix | Delete
* Also see wpdb::esc_like().
[1414] Fix | Delete
*
[1415] Fix | Delete
* Arguments may be passed as individual arguments to the method, or as a single array
[1416] Fix | Delete
* containing all arguments. A combination of the two is not supported.
[1417] Fix | Delete
*
[1418] Fix | Delete
* Examples:
[1419] Fix | Delete
*
[1420] Fix | Delete
* $wpdb->prepare(
[1421] Fix | Delete
* "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s",
[1422] Fix | Delete
* array( 'foo', 1337, '%bar' )
[1423] Fix | Delete
* );
[1424] Fix | Delete
*
[1425] Fix | Delete
* $wpdb->prepare(
[1426] Fix | Delete
* "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s",
[1427] Fix | Delete
* 'foo'
[1428] Fix | Delete
* );
[1429] Fix | Delete
*
[1430] Fix | Delete
* @since 2.3.0
[1431] Fix | Delete
* @since 5.3.0 Formalized the existing and already documented `...$args` parameter
[1432] Fix | Delete
* by updating the function signature. The second parameter was changed
[1433] Fix | Delete
* from `$args` to `...$args`.
[1434] Fix | Delete
* @since 6.2.0 Added `%i` for identifiers, e.g. table or field names.
[1435] Fix | Delete
* Check support via `wpdb::has_cap( 'identifier_placeholders' )`.
[1436] Fix | Delete
* This preserves compatibility with `sprintf()`, as the C version uses
[1437] Fix | Delete
* `%d` and `$i` as a signed integer, whereas PHP only supports `%d`.
[1438] Fix | Delete
*
[1439] Fix | Delete
* @link https://www.php.net/sprintf Description of syntax.
[1440] Fix | Delete
*
[1441] Fix | Delete
* @param string $query Query statement with `sprintf()`-like placeholders.
[1442] Fix | Delete
* @param array|mixed $args The array of variables to substitute into the query's placeholders
[1443] Fix | Delete
* if being called with an array of arguments, or the first variable
[1444] Fix | Delete
* to substitute into the query's placeholders if being called with
[1445] Fix | Delete
* individual arguments.
[1446] Fix | Delete
* @param mixed ...$args Further variables to substitute into the query's placeholders
[1447] Fix | Delete
* if being called with individual arguments.
[1448] Fix | Delete
* @return string|void Sanitized query string, if there is a query to prepare.
[1449] Fix | Delete
*/
[1450] Fix | Delete
public function prepare( $query, ...$args ) {
[1451] Fix | Delete
if ( is_null( $query ) ) {
[1452] Fix | Delete
return;
[1453] Fix | Delete
}
[1454] Fix | Delete
[1455] Fix | Delete
/*
[1456] Fix | Delete
* This is not meant to be foolproof -- but it will catch obviously incorrect usage.
[1457] Fix | Delete
*
[1458] Fix | Delete
* Note: str_contains() is not used here, as this file can be included
[1459] Fix | Delete
* directly outside of WordPress core, e.g. by HyperDB, in which case
[1460] Fix | Delete
* the polyfills from wp-includes/compat.php are not loaded.
[1461] Fix | Delete
*/
[1462] Fix | Delete
if ( false === strpos( $query, '%' ) ) {
[1463] Fix | Delete
wp_load_translations_early();
[1464] Fix | Delete
_doing_it_wrong(
[1465] Fix | Delete
'wpdb::prepare',
[1466] Fix | Delete
sprintf(
[1467] Fix | Delete
/* translators: %s: wpdb::prepare() */
[1468] Fix | Delete
__( 'The query argument of %s must have a placeholder.' ),
[1469] Fix | Delete
'wpdb::prepare()'
[1470] Fix | Delete
),
[1471] Fix | Delete
'3.9.0'
[1472] Fix | Delete
);
[1473] Fix | Delete
}
[1474] Fix | Delete
[1475] Fix | Delete
/*
[1476] Fix | Delete
* Specify the formatting allowed in a placeholder. The following are allowed:
[1477] Fix | Delete
*
[1478] Fix | Delete
* - Sign specifier, e.g. $+d
[1479] Fix | Delete
* - Numbered placeholders, e.g. %1$s
[1480] Fix | Delete
* - Padding specifier, including custom padding characters, e.g. %05s, %'#5s
[1481] Fix | Delete
* - Alignment specifier, e.g. %05-s
[1482] Fix | Delete
* - Precision specifier, e.g. %.2f
[1483] Fix | Delete
*/
[1484] Fix | Delete
$allowed_format = '(?:[1-9][0-9]*[$])?[-+0-9]*(?: |0|\'.)?[-+0-9]*(?:\.[0-9]+)?';
[1485] Fix | Delete
[1486] Fix | Delete
/*
[1487] Fix | Delete
* If a %s placeholder already has quotes around it, removing the existing quotes
[1488] Fix | Delete
* and re-inserting them ensures the quotes are consistent.
[1489] Fix | Delete
*
[1490] Fix | Delete
* For backward compatibility, this is only applied to %s, and not to placeholders like %1$s,
[1491] Fix | Delete
* which are frequently used in the middle of longer strings, or as table name placeholders.
[1492] Fix | Delete
*/
[1493] Fix | Delete
$query = str_replace( "'%s'", '%s', $query ); // Strip any existing single quotes.
[1494] Fix | Delete
$query = str_replace( '"%s"', '%s', $query ); // Strip any existing double quotes.
[1495] Fix | Delete
[1496] Fix | Delete
// Escape any unescaped percents (i.e. anything unrecognised).
[1497] Fix | Delete
$query = preg_replace( "/%(?:%|$|(?!($allowed_format)?[sdfFi]))/", '%%\\1', $query );
[1498] Fix | Delete
[1499] Fix | Delete
123456...9
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function