[wp-trac] [WordPress Trac] #26114: Auto prepare utilities for wp-db.php

WordPress Trac noreply at wordpress.org
Tue Nov 19 16:55:47 UTC 2013 

#26114: Auto prepare utilities for wp-db.php
-----------------------------+-----------------------------
 Reporter:  dougwollison     |      Owner:
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Database         |    Version:  trunk
 Severity:  normal           |   Keywords:  dev-feedback
-----------------------------+-----------------------------
 This is a feature I've adapted from my kissMySQL class that I use on non-
 WordPress projects that use a database. It's a handful of non-intrusive
 utility methods to add to the wpdb class.

 Simply put, I personally find it tedious writing this:

 {{{
 $wpdb->get_results( $wpdb->prepare( $query, $args... ) );
 }}}

 I'd prefer to write this:

 {{{
 $wpdb->get_results( $query, $args... );
 }}}

 The idea is any additional arguments are taken to be values to be escaped
 and inserted into the query. It also intelligently detects and shifts/pops
 off the $object argument if it's the first or last one passed in the list.
 So I could easily do this:

 {{{
 $wpdb->get_results( $query, ARRAY_A, $args... );

 // is equal too this

 $wpdb->get_results( $wpdb->prepare( $query, $args... ), ARRAY_A );
 }}}

 Now, my patch however simply adds alternate methods that alias to the
 proper ones after doing the auto preparation. The only real downside is
 that you can't pass x/y args to the get_var/row/col methods. My solution
 would be to add methods like get_var_x_y and get_row_y, but obviously this
 would be too drastic an API change.

 This patch adds the following new methods (naming schemes leave something
 to be desired):

 - auto_prepare()
 - get_var_prepared()
 - get_row_prepared()
 - get_col_prepared()
 - get_results_prepared()

 This patch also adds a few lines to wpdb::query() so it can use the
 auto_prepare method, should multiple arguments be passed to it. Since
 query() only takes one argument, it seemed safe to modify it directly
 rather than create a query_prepared() method.

 In addition, I've had to make some changes to the values of the $object
 constant values; I've appended a random string to the end so as to greatly
 minimize the chance of confusion between what a prepare argument and an
 object format constant. I'd like feedback on this handling in particular
 if possible; pretty sure I'm missing a better way to do this.

 I've tested this and as expected it doesn't appear to cause any problems.
 More testing will be needed of course; I'm applying it to a number of my
 installs to see if anything breaks, but so far so good.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/26114>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list