[wp-hackers] A Basic Activity Feed - Is This Efficient?
J.D. Grimes
jdg at codesymphony.co
Tue Oct 29 12:34:23 UTC 2013
This right here is open to SQL injection, as Abdussamad pointed out:
> $activity_calls = $wpdb->get_results('SELECT * FROM ' . $wpdb->prefix .
> 'jo_activity_feed' .' WHERE user_id = '. $author_id .' ORDER BY id ASC');
You should be using $wpdb->prepare():
$activity_calls = $wpdb->get_results(
    $wpdb->prepare(
        'SELECT * FROM ' . $wpdb->prefix . 'jo_activity_feed WHERE user_id = %d ORDER BY id ASC',
        $author_id
    )
);
-J.D.