Skip to:
Content

BuddyPress.org

Changeset 6494


Ignore:
Timestamp:
11/08/2012 07:07:17 PM (11 years ago)
Author:
johnjamesjacoby
Message:

Use prepare() correctly in: bp-xprofile-filters.php.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/bp-xprofile/bp-xprofile-filters.php

    r6342 r6494  
    235235    if ( bp_is_active( 'xprofile' ) ) {
    236236        $fullname_field_id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM {$bp->profile->table_name_fields} WHERE name = %s", bp_xprofile_fullname_field_name() ) );
    237         $user_id_names     = $wpdb->get_results( $wpdb->prepare( "SELECT user_id, value as fullname FROM {$bp->profile->table_name_data} WHERE user_id IN ({$user_ids_sql}) AND field_id = {$fullname_field_id}" ) );
     237        $user_id_names     = $wpdb->get_results( $wpdb->prepare( "SELECT user_id, value as fullname FROM {$bp->profile->table_name_data} WHERE user_id IN ({$user_ids_sql}) AND field_id = %d", $fullname_field_id ) );
    238238
    239239        // Loop through names and override each user's fullname
Note: See TracChangeset for help on using the changeset viewer.