[wp-hackers] Plugins using hardcoded table prefix
Ryan Mack
rmack005 at gmail.com
Tue Mar 22 01:35:43 GMT 2005
Mark Jaquith wrote:
> Dave Cohen wrote:
>
>> Just a plea from someone who has to support many WP installs. When
>> creating a plugin, please don't hardcode the WP table prefix, rather
>> get the configured value of the table prefix ($table_prefix) and build
>> off of that. Its a nice standard to use and I've seen a few times
>> when someone blows away another's settings because of this.
>>
> The only reason I can think of that they'd need the $table_prefix is
> if they were creating a new table. For accessing WP's built-in
> tables, they should be using these:
>
>> // Table names
>> $wpdb->posts = $table_prefix . 'posts';
>> $wpdb->users = $table_prefix . 'users';
>> $wpdb->categories = $table_prefix . 'categories';
>> $wpdb->post2cat = $table_prefix . 'post2cat';
>> $wpdb->comments = $table_prefix . 'comments';
>> $wpdb->links = $table_prefix . 'links';
>> $wpdb->linkcategories = $table_prefix . 'linkcategories';
>> $wpdb->options = $table_prefix . 'options';
>> $wpdb->postmeta = $table_prefix . 'postmeta';
>
>
> Hardcoding the prefix is a very amateurish mistake. Maybe we should
> start WordPress University and require degrees before people can
> release their plugins into the wild. :-) Kidding of course, but it
> might not hurt for there to be a Codex page with "Known good plugin
> coders," not to imply that everyone else is trusted, but to lend more
> confidence to people using plugins from the people on the list.
>
> Someone could also start a plugin review service, where they could do
> a quick scan for such dangerous things as hardcoded table names.
>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
Perhaps a plug-in development best practices page in the Codex is in
order? I know I'd like to have a list of dos and don'ts.
More information about the wp-hackers
mailing list