DB table prefix errors | ww.wp.xz.cn

Resolved m_disseny
(@m_disseny)

10 years, 4 months ago
Hi, first of all let me thank you for developing this plugin, just came across with it and looks like what I’m looking for.

However, I found a bug after activation related to table prefixes. I see the plugin contains at least one function which queries directly to “wp_posts” table. This is not correct as table prefix may be (or must be…) changed in config settings for security issues.

The correct approach would be:
```
function stgh_ticket_count_answers($postId) {
        global $wpdb;

        $table_name = $wpdb->prefix . 'posts';

        $query = 'SELECT COUNT(<code>ID</code>) FROM <code>' . $table_name . '</code>
                      WHERE <code>' . $table_name . '</code>.<code>post_parent</code>= ' .$postId. '
                      AND <code>' . $table_name . '</code>.<code>post_status</code> NOT IN ("trash")
                      AND <code>' . $table_name . '</code>.<code>post_type</code>="'. STG_HELPDESK_COMMENTS_POST_TYPE .'"';
```
Further info: http://codex.ww.wp.xz.cn/Class_Reference/wpdb

Thanks a lot!!!

https://ww.wp.xz.cn/plugins/catchers-helpdesk/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author mycatchers
(@mycatchers)

10 years, 4 months ago

Thank you so much for such valuable feedback. We just fixed that issue and will release it in next version.

Plugin Author mycatchers
(@mycatchers)

10 years, 4 months ago

We just release a new version with bug fix. Please take a look.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘DB table prefix errors’ is closed to new replies.

2 replies
2 participants
Last reply from: mycatchers
Last activity: 10 years, 4 months ago
Status: resolved