fix for PHP Warning: Missing argument 2 for wpdb::prepare()
-
Ubuntu 14.04.5 LTS, PHP 5.5.9-1ubuntu4.20
I got warnings in the Apache error log:
PHP Warning: Missing argument 2 for wpdb::prepare(), called in /var/www/wp-content/plugins/wpdirauth/wpDirAuth.php on line 2163There are two instances of wpdb::prepare() without placeholder. My fix was to replace wpdb::prepare() with string concatenation + esc_sql(). Query would probably be safe even without escaping but it’s nice to be sure.
@@ -2145,7 +2145,7 @@ function wpDirAuth_retrieve_multisite_blog_data(){ global $wpdb; $aryBlogData = array(); - $arySites = $wpdb->get_results($wpdb->prepare('SELECT blog_id FROM '. $wpdb->prefix . 'blogs ORDER BY blog_id')); + $arySites = $wpdb->get_results('SELECT blog_id FROM '. esc_sql($wpdb->prefix) . 'blogs ORDER BY blog_id'); _log('result of arySites: '.PHP_EOL.var_export($arySites,true).PHP_EOL); foreach($arySites as $objSiteData){ $intSiteKey = $objSiteData->blog_id; @@ -2155,7 +2155,7 @@ /** * Wonder if I should do wpdb->get_var here instead? */ - $arySiteData = $wpdb->get_results($wpdb->prepare("SELECT option_value from $strTableName WHERE option_name = 'blogname'"),ARRAY_A); + $arySiteData = $wpdb->get_results("SELECT option_value from ". esc_sql($strTableName) ." WHERE option_name = 'blogname'", ARRAY_A); $aryBlogData[$intSiteKey] = (isset($arySiteData[0]['option_value']) && $arySiteData[0]['option_value'] != '') ? $arySiteData[0]['option_value'] : 'Unable to Retrive Blog Name'; } _log('aryBlogData:'.PHP_EOL.var_export($aryBlogData,true).PHP_EOL);
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
The topic ‘fix for PHP Warning: Missing argument 2 for wpdb::prepare()’ is closed to new replies.
