Commit 83936efa authored by Eric Windham's avatar Eric Windham

added prepared statements to chunking queries

parent fc8fbb2c
......@@ -267,11 +267,11 @@ class NF_Admin_Processes_ChunkPublish extends NF_Abstracts_BatchProcess
// If we don't have one...
if ( empty ( $result ) ) {
// Insert it.
$sql = "INSERT INTO `{$wpdb->prefix}nf3_chunks` (name, value) VALUES ('{$slug}', '" . addslashes( $content ) . "')";
$sql = $wpdb->prepare( "INSERT INTO `{$wpdb->prefix}nf3_chunks` (name, value) VALUES ( %s, %s )", $slug, $content );
} // Otherwise... (We do have one.)
else {
// Update the existing one.
$sql = "UPDATE `{$wpdb->prefix}nf3_chunks` SET value = '" . addslashes( $content ) . "' WHERE name = '{$slug}'";
$sql = $wpdb->prepare( "UPDATE `{$wpdb->prefix}nf3_chunks` SET value = %s WHERE name = %s", $content, $slug );
}
$wpdb->query( $sql );
}
......@@ -282,7 +282,7 @@ class NF_Admin_Processes_ChunkPublish extends NF_Abstracts_BatchProcess
public function remove_option() {
// Remove our option to manage the process.
global $wpdb;
$sql = "DELETE FROM `{$wpdb->prefix}nf3_chunks` WHERE name = 'nf_chunk_publish_" . $this->form_id . "'";
$sql = $wpdb->prepare( "DELETE FROM `{$wpdb->prefix}nf3_chunks` WHERE name = %s", 'nf_chunk_publish_' . $this->form_id );
$wpdb->query( $sql );
// If our form_id was a temp id...
if ( ! is_numeric( $this->form_id ) ) {
......
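Review bot: The result of `$wpdb->query( $sql )` is discarded both after the insert/update branch and after the delete in `remove_option()`, so a failed chunk write or cleanup goes unnoticed. `$wpdb->query()` returns `false` on error, so a check such as `if ( false === $wpdb->query( $sql ) ) { error_log( $wpdb->last_error ); }` would surface it. The lookup that fills `$result` sits above the first hunk and is not visible here; if it still interpolates `$slug` into its SQL, it needs the same `$wpdb->prepare()` treatment as the writes. The method holding the insert/update starts outside the first hunk, and the body of `remove_option()` continues past the end of the second.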
......@@ -307,9 +307,6 @@ final class WPN_Helper
if ( empty( $result ) ) {
// Insert it.
$sql = $wpdb->prepare( "INSERT INTO `{$wpdb->prefix}nf3_upgrades` (id, cache, stage) VALUES (%d, %s, %s)", intval( $id ), $cache, $CURRENT_STAGE);
// $result = $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->prefix` (`option_name`, `option_value`, `autoload`) VALUES
// (%s, %s, %s) ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`)", $option, $serialized_value, $autoload ) );
} // Otherwise... (We do have the data.)
else {
// Update the existing record.
......