[buddypress-trac] [BuddyPress] #4654: incorrect usage of $wpdb->prepare()
buddypress-trac
noreply at wordpress.org
Mon Nov 12 21:42:53 UTC 2012
#4654: incorrect usage of $wpdb->prepare()
----------------------------+------------------
Reporter: anointed | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 1.7
Component: All Components | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+------------------
Comment (by companyjuice):
For visitors reading this, the workaround/fix for these is to remove the
$wpdb->prepare(); function that only has 1 string argument, for example,
on line 94 of \wordpress\wp-content\plugins\buddypress\bp-friends\bp-
friends-classes.php:
$friends = $wpdb->get_results( $wpdb->prepare( "SELECT friend_user_id,
initiator_user_id FROM {$bp->friends->table_name} $friend_sql $oc_sql
ORDER BY date_created DESC" ) );
BECOMES:
$friends = $wpdb->get_results( "SELECT friend_user_id, initiator_user_id
FROM {$bp->friends->table_name} $friend_sql $oc_sql ORDER BY date_created
DESC" );
---
Thanks -- Marty McGee (companyjuice)
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4654#comment:17>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list