Commit fc8fbb2c authored by Eric Windham's avatar Eric Windham

updated queries to use prepare statements

parent f5d6eead
......@@ -184,9 +184,9 @@ define( [], function() {
// Loop through all the attributes of our actions
for (var prop in action) {
if ( action.hasOwnProperty( prop ) ) {
if ( 'message' == prop ) {
delete action[ prop ];
}
// if ( 'message' == prop ) {
// delete action[ prop ];
// }
//Removing null values
if( null !== action[ prop ] ) {
// Set our settings.prop value.
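Review bot: The `'message' == prop` guard is commented out rather than deleted, and nothing on the page says why. With the guard disabled, a non-null `message` attribute appears to fall through to the `null !== action[ prop ]` branch and be copied into the settings, which is a behaviour change the commit title ("prepare statements") does not cover. Either remove the three dead lines or replace them with a one-line comment such as `// 'message' is intentionally kept on the action; see <ticket placeholder>`. If the message text can contain user-supplied content, confirm that whatever later renders these settings escapes it. The enclosing `for` loop continues outside the hunk, so the effect downstream is inferred from the context lines only.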
......
This source diff could not be displayed because it is too large. You can view the blob instead.
This source diff could not be displayed because it is too large. You can view the blob instead.
File mode changed from 100755 to 100644
File mode changed from 100644 to 100755
......@@ -306,11 +306,14 @@ final class WPN_Helper
// If we don't already have the data...
if ( empty( $result ) ) {
// Insert it.
$sql = "INSERT INTO `{$wpdb->prefix}nf3_upgrades` (id, cache, stage) VALUES (" . intval( $id ) . ", '{$cache}', {$CURRENT_STAGE})";
$sql = $wpdb->prepare( "INSERT INTO `{$wpdb->prefix}nf3_upgrades` (id, cache, stage) VALUES (%d, %s, %s)", intval( $id ), $cache, $CURRENT_STAGE);
// $result = $wpdb->query( $wpdb->prepare( "INSERT INTO `$wpdb->prefix` (`option_name`, `option_value`, `autoload`) VALUES
// (%s, %s, %s) ON DUPLICATE KEY UPDATE `option_name` = VALUES(`option_name`), `option_value` = VALUES(`option_value`), `autoload` = VALUES(`autoload`)", $option, $serialized_value, $autoload ) );
} // Otherwise... (We do have the data.)
else {
// Update the existing record.
$sql = "UPDATE `{$wpdb->prefix}nf3_upgrades` SET cache = '{$cache}' WHERE id = " . intval( $id );
$sql = $wpdb->prepare( "UPDATE `{$wpdb->prefix}nf3_upgrades` SET cache = %s WHERE id = %d", $cache, intval( $id ) ) ;
}
$wpdb->query( $sql );
}
......@@ -324,7 +327,7 @@ final class WPN_Helper
*/
public static function delete_nf_cache( $id ) {
global $wpdb;
$sql = "DELETE FROM `{$wpdb->prefix}nf3_upgrades WHERE id = " . intval( $id );
$sql = $wpdb->prepare( "DELETE FROM `{$wpdb->prefix}nf3_upgrades` WHERE id = %d", intval( $id ) );
$wpdb->query( $sql );
delete_option( 'nf_form_' . intval( $id ) );
}
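Review bot: In the INSERT of the first `WPN_Helper` hunk, `$CURRENT_STAGE` is bound with `%s`, while the query it replaces inlined it unquoted as a numeric literal. If `stage` is an integer column (its definition is not visible here), `VALUES (%d, %s, %d)` states the intent and does not rely on MySQL's string-to-number coercion. With `%d` placeholders the `intval( $id )` wrappers are redundant in the INSERT, the UPDATE and the DELETE in `delete_nf_cache`, though harmless. The two commented-out lines added under the INSERT describe an unrelated options-table query and should be dropped rather than committed. The function holding the INSERT and UPDATE starts outside the hunk, so how `$cache` and `$CURRENT_STAGE` are produced cannot be checked from this page.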
......