[wp-hackers] Plugins using hardcoded table prefix

Ryan Mack rmack005 at gmail.com
Tue Mar 22 01:35:43 GMT 2005


Mark Jaquith wrote:

> Dave Cohen wrote:
>
>> Just a plea from someone who has to support many WP installs.  When
>> creating a plugin, please don't hardcode the WP table prefix, rather
>> get the configured value of the table prefix ($table_prefix) and build
>> off of that.  Its a nice standard to use and I've seen a few times
>> when someone blows away another's settings because of this.
>>
> The only reason I can think of that they'd need the $table_prefix is 
> if they were creating a new table.  For accessing WP's built-in 
> tables, they should be using these:
>
>> // Table names
>> $wpdb->posts            = $table_prefix . 'posts';
>> $wpdb->users            = $table_prefix . 'users';
>> $wpdb->categories       = $table_prefix . 'categories';
>> $wpdb->post2cat         = $table_prefix . 'post2cat';
>> $wpdb->comments         = $table_prefix . 'comments';
>> $wpdb->links            = $table_prefix . 'links';
>> $wpdb->linkcategories   = $table_prefix . 'linkcategories';
>> $wpdb->options          = $table_prefix . 'options';
>> $wpdb->postmeta         = $table_prefix . 'postmeta';
>
>
> Hardcoding the prefix is a very amateurish mistake.  Maybe we should 
> start WordPress University and require degrees before people can 
> release their plugins into the wild.  :-)  Kidding of course, but it 
> might not hurt for there to be a Codex page with "Known good plugin 
> coders," not to imply that everyone else is trusted, but to lend more 
> confidence to people using plugins from the people on the list.
>
> Someone could also start a plugin review service, where they could do 
> a quick scan for such dangerous things as hardcoded table names.
>
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
Perhaps a plug-in development best practices page in the Codex is in 
order?  I know I'd like to have a list of dos and don'ts.


More information about the wp-hackers mailing list