Changeset 6557

Timestamp:

12/04/2012 12:03:40 PM (13 years ago)

Author:

djpaul

Message:

Fix alot of WPDB->Prepare() warnings in the 1.6 branch. See #4654

Location:

branches/1.6

Files:

• bp-activity/bp-activity-classes.php (modified) (8 diffs)
• bp-blogs/bp-blogs-classes.php (modified) (4 diffs)
• bp-blogs/bp-blogs-functions.php (modified) (1 diff)
• bp-core/admin/bp-core-functions.php (modified) (1 diff)
• bp-core/bp-core-cache.php (modified) (1 diff)
• bp-core/bp-core-classes.php (modified) (1 diff)
• bp-core/bp-core-filters.php (modified) (1 diff)
• bp-core/bp-core-functions.php (modified) (1 diff)
• bp-core/bp-core-options.php (modified) (1 diff)
• bp-forums/bp-forums-filters.php (modified) (2 diffs)
• bp-forums/bp-forums-functions.php (modified) (4 diffs)
• bp-friends/bp-friends-classes.php (modified) (3 diffs)
• bp-groups/bp-groups-classes.php (modified) (7 diffs)
• bp-members/bp-members-functions.php (modified) (2 diffs)
• bp-messages/bp-messages-classes.php (modified) (7 diffs)
• bp-xprofile/bp-xprofile-classes.php (modified) (5 diffs)

branches/1.6/bp-activity/bp-activity-classes.php

@@ -217 +217 @@
 
         if ( !empty( $the_index ) ) {
-            $index_hint_sql = $wpdb->prepare( "USE INDEX ({$the_index})" ); 
+            $index_hint_sql = "USE INDEX ({$the_index})";
         } else {
             $index_hint_sql = '';
@@ -229 +229 @@
 
             $pag_sql    = $wpdb->prepare( "LIMIT %d, %d", absint( ( $page - 1 ) * $per_page ), $per_page );
-            $activities = $wpdb->get_results( apply_filters( 'bp_activity_get_user_join_filter', $wpdb->prepare( "{$select_sql} {$from_sql} {$where_sql} ORDER BY a.date_recorded {$sort} {$pag_sql}" ), $select_sql, $from_sql, $where_sql, $sort, $pag_sql ) );
+            $activities = $wpdb->get_results( apply_filters( 'bp_activity_get_user_join_filter', "{$select_sql} {$from_sql} {$where_sql} ORDER BY a.date_recorded {$sort} {$pag_sql}", $select_sql, $from_sql, $where_sql, $sort, $pag_sql ) );
         } else {
-            $activities = $wpdb->get_results( apply_filters( 'bp_activity_get_user_join_filter', $wpdb->prepare( "{$select_sql} {$from_sql} {$where_sql} ORDER BY a.date_recorded {$sort}" ), $select_sql, $from_sql, $where_sql, $sort ) );
-        }
-
-        $total_activities_sql = apply_filters( 'bp_activity_total_activities_sql', $wpdb->prepare( "SELECT count(a.id) FROM {$bp->activity->table_name} a {$index_hint_sql} {$where_sql} ORDER BY a.date_recorded {$sort}" ), $where_sql, $sort );
+            $activities = $wpdb->get_results( apply_filters( 'bp_activity_get_user_join_filter', "{$select_sql} {$from_sql} {$where_sql} ORDER BY a.date_recorded {$sort}", $select_sql, $from_sql, $where_sql, $sort ) );
+        }
+
+        $total_activities_sql = apply_filters( 'bp_activity_total_activities_sql', "SELECT count(a.id) FROM {$bp->activity->table_name} a {$index_hint_sql} {$where_sql} ORDER BY a.date_recorded {$sort}", $where_sql, $sort );
 
         $total_activities = $wpdb->get_var( $total_activities_sql );
@@ -248 +248 @@
             $activity_user_ids = implode( ',', array_unique( (array) $activity_user_ids ) );
             if ( !empty( $activity_user_ids ) ) {
-                if ( $names = $wpdb->get_results( $wpdb->prepare( "SELECT user_id, value AS user_fullname FROM {$bp->profile->table_name_data} WHERE field_id = 1 AND user_id IN ({$activity_user_ids})" ) ) ) {
+                if ( $names = $wpdb->get_results( "SELECT user_id, value AS user_fullname FROM {$bp->profile->table_name_data} WHERE field_id = 1 AND user_id IN ({$activity_user_ids})" ) ) {
                     foreach ( (array) $names as $name )
                         $tmp_names[$name->user_id] = $name->user_fullname;
@@ -402 +402 @@
 
         // Fetch the activity IDs so we can delete any comments for this activity item
-        $activity_ids = $wpdb->get_col( $wpdb->prepare( "SELECT id FROM {$bp->activity->table_name} {$where_sql}" ) );
-
-        if ( !$wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->activity->table_name} {$where_sql}" ) ) )
+        $activity_ids = $wpdb->get_col( "SELECT id FROM {$bp->activity->table_name} {$where_sql}" );
+
+        if ( !$wpdb->query( "DELETE FROM {$bp->activity->table_name} {$where_sql}" ) )
             return false;
 
@@ -425 +425 @@
             $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
 
-        return $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->activity->table_name} WHERE type = 'activity_comment' AND item_id IN ({$activity_ids})" ) );
+        return $wpdb->query( "DELETE FROM {$bp->activity->table_name} WHERE type = 'activity_comment' AND item_id IN ({$activity_ids})" );
     }
 
@@ -436 +436 @@
             $activity_ids = implode ( ',', array_map( 'absint', explode ( ',', $activity_ids ) ) );
 
-        return $wpdb->query( $wpdb->prepare( "DELETE FROM {$bp->activity->table_name_meta} WHERE activity_id IN ({$activity_ids})" ) );
+        return $wpdb->query( "DELETE FROM {$bp->activity->table_name_meta} WHERE activity_id IN ({$activity_ids})" );
     }
 
@@ -561 +561 @@
         global $wpdb, $bp;
 
-        return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT component FROM {$bp->activity->table_name} ORDER BY component ASC" ) );
+        return $wpdb->get_col( "SELECT DISTINCT component FROM {$bp->activity->table_name} ORDER BY component ASC" );
     }
 
@@ -648 +648 @@
         global $bp, $wpdb;
 
-        return $wpdb->get_var( $wpdb->prepare( "SELECT date_recorded FROM {$bp->activity->table_name} ORDER BY date_recorded DESC LIMIT 1" ) );
+        return $wpdb->get_var( "SELECT date_recorded FROM {$bp->activity->table_name} ORDER BY date_recorded DESC LIMIT 1" );
     }
 

branches/1.6/bp-blogs/bp-blogs-classes.php

@@ -114 +114 @@
             $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2 WHERE b.blog_id = wb.blog_id AND bm.blog_id = b.blog_id AND bm2.blog_id = b.blog_id AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'name' AND bm2.meta_key = 'description' AND ( bm.meta_value LIKE '%%$filter%%' || bm2.meta_value LIKE '%%$filter%%' ) {$user_sql}" );
         } else {
-            $paged_blogs = $wpdb->get_results( $wpdb->prepare( "SELECT b.blog_id, b.user_id as admin_user_id, u.user_email as admin_user_email, wb.domain, wb.path, bm.meta_value as last_activity, bm2.meta_value as name FROM {$bp->blogs->table_name} b, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2, {$wpdb->base_prefix}blogs wb, {$wpdb->users} u WHERE b.blog_id = wb.blog_id AND b.user_id = u.ID AND b.blog_id = bm.blog_id AND b.blog_id = bm2.blog_id {$user_sql} AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'last_activity' AND bm2.meta_key = 'name' GROUP BY b.blog_id {$order_sql} {$pag_sql}" ) );
-            $total_blogs = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb WHERE b.blog_id = wb.blog_id {$user_sql} AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql}" ) );
+            $paged_blogs = $wpdb->get_results( "SELECT b.blog_id, b.user_id as admin_user_id, u.user_email as admin_user_email, wb.domain, wb.path, bm.meta_value as last_activity, bm2.meta_value as name FROM {$bp->blogs->table_name} b, {$bp->blogs->table_name_blogmeta} bm, {$bp->blogs->table_name_blogmeta} bm2, {$wpdb->base_prefix}blogs wb, {$wpdb->users} u WHERE b.blog_id = wb.blog_id AND b.user_id = u.ID AND b.blog_id = bm.blog_id AND b.blog_id = bm2.blog_id {$user_sql} AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql} AND bm.meta_key = 'last_activity' AND bm2.meta_key = 'name' GROUP BY b.blog_id {$order_sql} {$pag_sql}" );
+            $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b, {$wpdb->base_prefix}blogs wb WHERE b.blog_id = wb.blog_id {$user_sql} AND wb.archived = '0' AND wb.spam = 0 AND wb.mature = 0 AND wb.deleted = 0 {$hidden_sql}" );
         }
 
@@ -231 +231 @@
         $pag_sql = ( $limit && $page ) ? $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) ) : '';
 
-        $paged_blogs = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT b.blog_id FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 {$hidden_sql} {$pag_sql}" ) );
-        $total_blogs = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 {$hidden_sql}" ) );
+        $paged_blogs = $wpdb->get_results( "SELECT DISTINCT b.blog_id FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 {$hidden_sql} {$pag_sql}" );
+        $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT b.blog_id) FROM {$bp->blogs->table_name} b LEFT JOIN {$wpdb->base_prefix}blogs wb ON b.blog_id = wb.blog_id WHERE wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 {$hidden_sql}" );
 
         return array( 'blogs' => $paged_blogs, 'total' => $total_blogs );
@@ -248 +248 @@
             $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
 
-        $paged_blogs = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT bm.blog_id FROM {$bp->blogs->table_name_blogmeta} bm LEFT JOIN {$wpdb->base_prefix}blogs wb ON bm.blog_id = wb.blog_id WHERE bm.meta_key = 'name' AND bm.meta_value LIKE '$letter%%' {$hidden_sql} AND wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 ORDER BY bm.meta_value ASC{$pag_sql}" ) );
-        $total_blogs = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT bm.blog_id) FROM {$bp->blogs->table_name_blogmeta} bm LEFT JOIN {$wpdb->base_prefix}blogs wb ON bm.blog_id = wb.blog_id WHERE bm.meta_key = 'name' AND bm.meta_value LIKE '$letter%%' {$hidden_sql} AND wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 ORDER BY bm.meta_value ASC" ) );
+        $paged_blogs = $wpdb->get_results( "SELECT DISTINCT bm.blog_id FROM {$bp->blogs->table_name_blogmeta} bm LEFT JOIN {$wpdb->base_prefix}blogs wb ON bm.blog_id = wb.blog_id WHERE bm.meta_key = 'name' AND bm.meta_value LIKE '$letter%%' {$hidden_sql} AND wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 ORDER BY bm.meta_value ASC{$pag_sql}" );
+        $total_blogs = $wpdb->get_var( "SELECT COUNT(DISTINCT bm.blog_id) FROM {$bp->blogs->table_name_blogmeta} bm LEFT JOIN {$wpdb->base_prefix}blogs wb ON bm.blog_id = wb.blog_id WHERE bm.meta_key = 'name' AND bm.meta_value LIKE '$letter%%' {$hidden_sql} AND wb.mature = 0 AND wb.spam = 0 AND wb.archived = '0' AND wb.deleted = 0 ORDER BY bm.meta_value ASC" );
 
         return array( 'blogs' => $paged_blogs, 'total' => $total_blogs );
@@ -266 +266 @@
 
         /* Fetch the blog description for each blog (as it may be empty we can't fetch it in the main query). */
-        $blog_descs = $wpdb->get_results( $wpdb->prepare( "SELECT blog_id, meta_value as description FROM {$bp->blogs->table_name_blogmeta} WHERE meta_key = 'description' AND blog_id IN ( {$blog_ids} )" ) );
+        $blog_descs = $wpdb->get_results( "SELECT blog_id, meta_value as description FROM {$bp->blogs->table_name_blogmeta} WHERE meta_key = 'description' AND blog_id IN ( {$blog_ids} )" );
 
         for ( $i = 0, $count = count( $paged_blogs ); $i < $count; ++$i ) {

branches/1.6/bp-blogs/bp-blogs-functions.php

@@ -50 +50 @@
 
     if ( is_multisite() )
-        $blog_ids = $wpdb->get_col( $wpdb->prepare( "SELECT blog_id FROM {$wpdb->base_prefix}blogs WHERE mature = 0 AND spam = 0 AND deleted = 0" ) );
+        $blog_ids = $wpdb->get_col( "SELECT blog_id FROM {$wpdb->base_prefix}blogs WHERE mature = 0 AND spam = 0 AND deleted = 0" );
     else
         $blog_ids = 1;

branches/1.6/bp-core/admin/bp-core-functions.php

@@ -218 +218 @@
      */
     if ( bp_is_active( 'blogs' ) ) {
-        $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$bp->blogs->table_name}" ) );
+        $count = $wpdb->get_var( "SELECT COUNT(*) FROM {$bp->blogs->table_name}" );
 
         if ( empty( $count ) ) {

branches/1.6/bp-core/bp-core-cache.php

@@ -103 +103 @@
     // Get meta info
     $id_list   = join( ',', $object_ids );
-    $meta_list = $wpdb->get_results( $wpdb->prepare( "SELECT $object_column, meta_key, meta_value FROM $meta_table WHERE $object_column IN ($id_list)" ), ARRAY_A );
+    $meta_list = $wpdb->get_results( "SELECT $object_column, meta_key, meta_value FROM $meta_table WHERE $object_column IN ($id_list)", ARRAY_A );
 
     if ( !empty( $meta_list ) ) {

branches/1.6/bp-core/bp-core-classes.php

@@ -465 +465 @@
         $status_sql = bp_core_get_status_sql();
 
-        $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', $wpdb->prepare( "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) " ), $wpdb->escape( $user_ids ) );
-        $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', $wpdb->prepare( "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) {$pag_sql}" ), $wpdb->escape( $user_ids ) );
+        $total_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT COUNT(DISTINCT ID) FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) ", $wpdb->escape( $user_ids ) );
+        $paged_users_sql = apply_filters( 'bp_core_get_specific_users_count_sql', "SELECT DISTINCT ID as id, user_registered, user_nicename, user_login, user_email FROM {$wpdb->users} WHERE {$status_sql} AND ID IN ( " . $wpdb->escape( $user_ids ) . " ) {$pag_sql}", $wpdb->escape( $user_ids ) );
 
         $total_users = $wpdb->get_var( $total_users_sql );

branches/1.6/bp-core/bp-core-filters.php

@@ -96 +96 @@
     $user_ids = implode( ',', $user_ids );
 
-    if ( !$userdata = $wpdb->get_results( $wpdb->prepare( "SELECT ID as user_id, user_login, user_nicename FROM {$wpdb->users} WHERE ID IN ({$user_ids})" ) ) )
+    if ( !$userdata = $wpdb->get_results( "SELECT ID as user_id, user_login, user_nicename FROM {$wpdb->users} WHERE ID IN ({$user_ids})" ) )
         return $comments;
 

branches/1.6/bp-core/bp-core-functions.php

@@ -174 +174 @@
         $posts_table_name = bp_is_multiblog_mode() ? $wpdb->posts : $wpdb->get_blog_prefix( bp_get_root_blog_id() ) . 'posts';
         $page_ids_sql     = implode( ',', (array) $page_ids );
-        $page_names       = $wpdb->get_results( $wpdb->prepare( "SELECT ID, post_name, post_parent, post_title FROM {$posts_table_name} WHERE ID IN ({$page_ids_sql}) AND post_status = 'publish' " ) );
+        $page_names       = $wpdb->get_results( "SELECT ID, post_name, post_parent, post_title FROM {$posts_table_name} WHERE ID IN ({$page_ids_sql}) AND post_status = 'publish' " );
 
         foreach ( (array) $page_ids as $component_id => $page_id ) {

branches/1.6/bp-core/bp-core-options.php

@@ -291 +291 @@
     $blog_options_keys      = "'" . join( "', '", (array) $root_blog_option_keys ) . "'";
     $blog_options_table     = bp_is_multiblog_mode() ? $wpdb->options : $wpdb->get_blog_prefix( bp_get_root_blog_id() ) . 'options';
-    $blog_options_query     = $wpdb->prepare( "SELECT option_name AS name, option_value AS value FROM {$blog_options_table} WHERE option_name IN ( {$blog_options_keys} )" );
+    $blog_options_query     = "SELECT option_name AS name, option_value AS value FROM {$blog_options_table} WHERE option_name IN ( {$blog_options_keys} )";
     $root_blog_options_meta = $wpdb->get_results( $blog_options_query );
 

branches/1.6/bp-forums/bp-forums-filters.php

@@ -158 +158 @@
     global $wpdb;
 
-    $sql = $wpdb->prepare( "DISTINCT t.topic_id, " );
+    $sql = "DISTINCT t.topic_id, ";
 
     return $sql;
@@ -179 +179 @@
     global $bbdb, $wpdb;
 
-    $sql .= $wpdb->prepare( " LEFT JOIN $bbdb->posts p ON p.topic_id = t.topic_id " );
+    $sql .= " LEFT JOIN $bbdb->posts p ON p.topic_id = t.topic_id ";
 
     return $sql;

branches/1.6/bp-forums/bp-forums-functions.php

@@ -471 +471 @@
 
     // Fetch the topic's last poster details
-    $poster_details = $wpdb->get_results( $wpdb->prepare( "SELECT t.topic_id, t.topic_last_poster, u.user_login, u.user_nicename, u.user_email, u.display_name FROM {$wpdb->users} u, {$bbdb->topics} t WHERE u.ID = t.topic_last_poster AND t.topic_id IN ( {$topic_ids} )" ) );
+    $poster_details = $wpdb->get_results( "SELECT t.topic_id, t.topic_last_poster, u.user_login, u.user_nicename, u.user_email, u.display_name FROM {$wpdb->users} u, {$bbdb->topics} t WHERE u.ID = t.topic_last_poster AND t.topic_id IN ( {$topic_ids} )" );
     for ( $i = 0, $count = count( $topics ); $i < $count; ++$i ) {
         foreach ( (array) $poster_details as $poster ) {
@@ -485 +485 @@
     // Fetch fullname for the topic's last poster
     if ( bp_is_active( 'xprofile' ) ) {
-        $poster_names = $wpdb->get_results( $wpdb->prepare( "SELECT t.topic_id, pd.value FROM {$bp->profile->table_name_data} pd, {$bbdb->topics} t WHERE pd.user_id = t.topic_last_poster AND pd.field_id = 1 AND t.topic_id IN ( {$topic_ids} )" ) );
+        $poster_names = $wpdb->get_results( "SELECT t.topic_id, pd.value FROM {$bp->profile->table_name_data} pd, {$bbdb->topics} t WHERE pd.user_id = t.topic_last_poster AND pd.field_id = 1 AND t.topic_id IN ( {$topic_ids} )" );
         for ( $i = 0, $count = count( $topics ); $i < $count; ++$i ) {
             foreach ( (array) $poster_names as $name ) {
@@ -610 +610 @@
 
     // Fetch the poster's user_email, user_nicename and user_login
-    $poster_details = $wpdb->get_results( $wpdb->prepare( "SELECT u.ID as user_id, u.user_login, u.user_nicename, u.user_email, u.display_name FROM {$wpdb->users} u WHERE u.ID IN ( {$user_ids} )" ) );
+    $poster_details = $wpdb->get_results( "SELECT u.ID as user_id, u.user_login, u.user_nicename, u.user_email, u.display_name FROM {$wpdb->users} u WHERE u.ID IN ( {$user_ids} )" );
 
     for ( $i = 0, $count = count( $posts ); $i < $count; ++$i ) {
@@ -625 +625 @@
     // Fetch fullname for each poster.
     if ( bp_is_active( 'xprofile' ) ) {
-        $poster_names = $wpdb->get_results( $wpdb->prepare( "SELECT pd.user_id, pd.value FROM {$bp->profile->table_name_data} pd WHERE pd.user_id IN ( {$user_ids} )" ) );
+        $poster_names = $wpdb->get_results( "SELECT pd.user_id, pd.value FROM {$bp->profile->table_name_data} pd WHERE pd.user_id IN ( {$user_ids} )" );
         for ( $i = 0, $count = count( $posts ); $i < $count; ++$i ) {
             foreach ( (array) $poster_names as $name ) {

branches/1.6/bp-friends/bp-friends-classes.php

@@ -85 +85 @@
 
         if ( !empty( $friend_requests_only ) ) {
-            $oc_sql = $wpdb->prepare( "AND is_confirmed = 0" );
+            $oc_sql = "AND is_confirmed = 0";
             $friend_sql = $wpdb->prepare ( " WHERE friend_user_id = %d", $user_id );
         } else {
-            $oc_sql = $wpdb->prepare( "AND is_confirmed = 1" );
+            $oc_sql = "AND is_confirmed = 1";
             $friend_sql = $wpdb->prepare ( " WHERE (initiator_user_id = %d OR friend_user_id = %d)", $user_id, $user_id );
         }
 
-        $friends = $wpdb->get_results( $wpdb->prepare( "SELECT friend_user_id, initiator_user_id FROM {$bp->friends->table_name} $friend_sql $oc_sql ORDER BY date_created DESC" ) );
+        $friends = $wpdb->get_results( "SELECT friend_user_id, initiator_user_id FROM {$bp->friends->table_name} $friend_sql $oc_sql ORDER BY date_created DESC" );
         $fids = array();
 
@@ -233 +233 @@
         // filter the user_ids based on the search criteria.
         if ( bp_is_active( 'xprofile' ) ) {
-            $sql = $wpdb->prepare( "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql" );
-        } else {
-            $sql = $wpdb->prepare( "SELECT DISTINCT user_id as id FROM $usermeta_table WHERE meta_value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql" );
+            $sql = "SELECT DISTINCT d.user_id as id FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql";
+        } else {
+            $sql = "SELECT DISTINCT user_id as id FROM $usermeta_table WHERE meta_value LIKE '$filter%%' ORDER BY d.value DESC $pag_sql";
         }
 
@@ -256 +256 @@
         // filter the user_ids based on the search criteria.
         if ( bp_is_active( 'xprofile' ) ) {
-            $sql = $wpdb->prepare( "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%'" );
-        } else {
-            $sql = $wpdb->prepare( "SELECT COUNT(DISTINCT user_id) FROM $usermeta_table WHERE meta_value LIKE '$filter%%'" );
+            $sql = "SELECT COUNT(DISTINCT d.user_id) FROM {$bp->profile->table_name_data} d, $users_table u WHERE d.user_id = u.id AND d.value LIKE '$filter%%'";
+        } else {
+            $sql = "SELECT COUNT(DISTINCT user_id) FROM $usermeta_table WHERE meta_value LIKE '$filter%%'";
         }
 

branches/1.6/bp-groups/bp-groups-classes.php

@@ -177 +177 @@
 
         // Modify group count usermeta for members
-        $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->usermeta} SET meta_value = meta_value - 1 WHERE meta_key = 'total_group_count' AND user_id IN ( {$user_id_str} )" ) );
+        $wpdb->query( "UPDATE {$wpdb->usermeta} SET meta_value = meta_value - 1 WHERE meta_key = 'total_group_count' AND user_id IN ( {$user_id_str} )" );
 
         // Now delete all group member entries
@@ -235 +235 @@
         $gids = implode( ',', $gids['groups'] );
 
-        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids}) {$pag_sql}" ) );
-        $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids})" ) );
+        $paged_groups = $wpdb->get_results( "SELECT id as group_id FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids}) {$pag_sql}" );
+        $total_groups = $wpdb->get_var( "SELECT COUNT(id) FROM {$bp->groups->table_name} WHERE ( name LIKE '{$filter}%%' OR description LIKE '{$filter}%%' ) AND id IN ({$gids})" );
 
         return array( 'groups' => $paged_groups, 'total' => $total_groups );
@@ -533 +533 @@
 
         if ( !bp_current_user_can( 'bp_moderate' ) )
-            $hidden_sql = $wpdb->prepare( " AND status != 'hidden'");
+            $hidden_sql = " AND status != 'hidden'";
 
         $letter = like_escape( $wpdb->escape( $letter ) );
@@ -539 +539 @@
         if ( !empty( $limit ) && !empty( $page ) ) {
             $pag_sql = $wpdb->prepare( " LIMIT %d, %d", intval( ( $page - 1 ) * $limit), intval( $limit ) );
-            $total_groups = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '$letter%%' {$hidden_sql} {$search_sql} {$exclude_sql}" ) );
-        }
-
-        $paged_groups = $wpdb->get_results( $wpdb->prepare( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '$letter%%' {$hidden_sql} {$search_sql} {$exclude_sql} ORDER BY g.name ASC {$pag_sql}"  ) );
+            $total_groups = $wpdb->get_var( "SELECT COUNT(DISTINCT g.id) FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '$letter%%' {$hidden_sql} {$search_sql} {$exclude_sql}" );
+        }
+
+        $paged_groups = $wpdb->get_results( "SELECT g.*, gm1.meta_value as total_member_count, gm2.meta_value as last_activity FROM {$bp->groups->table_name_groupmeta} gm1, {$bp->groups->table_name_groupmeta} gm2, {$bp->groups->table_name} g WHERE g.id = gm1.group_id AND g.id = gm2.group_id AND gm2.meta_key = 'last_activity' AND gm1.meta_key = 'total_member_count' AND g.name LIKE '$letter%%' {$hidden_sql} {$search_sql} {$exclude_sql} ORDER BY g.name ASC {$pag_sql}" );
 
         if ( !empty( $populate_extras ) ) {
@@ -637 +637 @@
             $hidden_sql = "WHERE status != 'hidden'";
 
-        return $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM {$bp->groups->table_name} {$hidden_sql}" ) );
+        return $wpdb->get_var( "SELECT COUNT(id) FROM {$bp->groups->table_name} {$hidden_sql}" );
     }
 
@@ -692 +692 @@
 
             case 'hidden' :
-                $status_sql = $wpdb->prepare( "AND g.status = 'hidden'" );
+                $status_sql = "AND g.status = 'hidden'";
                 break;
 
             case 'private' :
-                $status_sql = $wpdb->prepare( "AND g.status = 'private'" );
+                $status_sql = "AND g.status = 'private'";
                 break;
 
             case 'public' :
             default :
-                $status_sql = $wpdb->prepare( "AND g.status = 'public'" );
+                $status_sql = "AND g.status = 'public'";
                 break;
         }
@@ -1174 +1174 @@
         $exclude_admins_sql = '';
         if ( !empty( $exclude_admins_mods ) )
-            $exclude_admins_sql = $wpdb->prepare( "AND is_admin = 0 AND is_mod = 0" );
+            $exclude_admins_sql = "AND is_admin = 0 AND is_mod = 0";
 
         $banned_sql = '';
         if ( !empty( $exclude_banned ) )
-            $banned_sql = $wpdb->prepare( " AND is_banned = 0" );
+            $banned_sql = " AND is_banned = 0";
 
         $exclude_sql = '';
         if ( !empty( $exclude ) )
-            $exclude_sql = $wpdb->prepare( " AND m.user_id NOT IN ({$exclude})" );
+            $exclude_sql = " AND m.user_id NOT IN ({$exclude})";
 
         if ( bp_is_active( 'xprofile' ) )

branches/1.6/bp-members/bp-members-functions.php

@@ -479 +479 @@
     if ( !$count = wp_cache_get( 'bp_total_member_count', 'bp' ) ) {
         $status_sql = bp_core_get_status_sql();
-        $count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(ID) FROM $wpdb->users WHERE {$status_sql}" ) );
+        $count = $wpdb->get_var( "SELECT COUNT(ID) FROM $wpdb->users WHERE {$status_sql}" );
         wp_cache_set( 'bp_total_member_count', $count, 'bp' );
     }
@@ -497 +497 @@
         // Avoid a costly join by splitting the lookup
         if ( is_multisite() ) {
-            $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE (user_status != 0 OR deleted != 0 OR user_status != 0)" );
+            $sql = "SELECT ID FROM $wpdb->users WHERE (user_status != 0 OR deleted != 0 OR user_status != 0)";
         } else {
-            $sql = $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_status != 0" );
+            $sql = "SELECT ID FROM $wpdb->users WHERE user_status != 0";
         }
 
         $exclude_users = $wpdb->get_col( $sql );
-        $exclude_users_sql = !empty( $exclude_users ) ? $wpdb->prepare( "AND user_id NOT IN (" . implode( ',', wp_parse_id_list( $exclude_users ) ) . ")" ) : '';
+        $exclude_users_sql = !empty( $exclude_users ) ? "AND user_id NOT IN (" . implode( ',', wp_parse_id_list( $exclude_users ) ) . ")" : '';
 
         $count = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(user_id) FROM $wpdb->usermeta WHERE meta_key = %s {$exclude_users_sql}", bp_get_user_meta_key( 'last_activity' ) ) );

branches/1.6/bp-messages/bp-messages-classes.php

@@ -145 +145 @@
 
         if ( $type == 'unread' )
-            $type_sql = $wpdb->prepare( " AND r.unread_count != 0 " );
+            $type_sql = " AND r.unread_count != 0 ";
         elseif ( $type == 'read' )
-            $type_sql = $wpdb->prepare( " AND r.unread_count = 0 " );
+            $type_sql = " AND r.unread_count = 0 ";
 
         if ( !empty( $search_terms ) ) {
@@ -200 +200 @@
 
         if ( $type == 'unread' )
-            $type_sql = $wpdb->prepare( " AND unread_count != 0 " );
+            $type_sql = " AND unread_count != 0 ";
         else if ( $type == 'read' )
-            $type_sql = $wpdb->prepare( " AND unread_count = 0 " );
+            $type_sql = " AND unread_count = 0 ";
 
         return (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(thread_id) FROM {$bp->messages->table_name_recipients} WHERE user_id = %d AND is_deleted = 0$exclude_sender $type_sql", $user_id ) );
@@ -283 +283 @@
         $bp_prefix = bp_core_get_table_prefix();
         $errors    = false;
-        $threads   = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$bp_prefix}bp_messages_threads" ) );
+        $threads   = $wpdb->get_results( "SELECT * FROM {$bp_prefix}bp_messages_threads" );
 
         // Nothing to update, just return true to remove the table
@@ -358 +358 @@
         // If we have no thread_id then this is the first message of a new thread.
         if ( empty( $this->thread_id ) ) {
-            $this->thread_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT MAX(thread_id) FROM {$bp->messages->table_name_messages}" ) ) + 1;
+            $this->thread_id = (int) $wpdb->get_var( "SELECT MAX(thread_id) FROM {$bp->messages->table_name_messages}" ) + 1;
             $new_thread = true;
         }
@@ -539 +539 @@
         }
 
-        $notices = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$bp->messages->table_name_notices} ORDER BY date_sent DESC {$limit_sql}" ) );
+        $notices = $wpdb->get_results( "SELECT * FROM {$bp->messages->table_name_notices} ORDER BY date_sent DESC {$limit_sql}" );
 
         return $notices;
@@ -547 +547 @@
         global $wpdb, $bp;
 
-        $notice_count = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM " . $bp->messages->table_name_notices ) );
+        $notice_count = $wpdb->get_var( "SELECT COUNT(id) FROM " . $bp->messages->table_name_notices );
 
         return $notice_count;
@@ -555 +555 @@
         global $wpdb, $bp;
 
-        $notice_id = $wpdb->get_var( $wpdb->prepare( "SELECT id FROM {$bp->messages->table_name_notices} WHERE is_active = 1" ) );
+        $notice_id = $wpdb->get_var( "SELECT id FROM {$bp->messages->table_name_notices} WHERE is_active = 1" );
         return new BP_Messages_Notice( $notice_id );
     }

branches/1.6/bp-xprofile/bp-xprofile-classes.php

@@ -134 +134 @@
             $where_sql = $wpdb->prepare( 'WHERE g.id = %d', $profile_group_id );
         elseif ( $exclude_groups )
-            $where_sql = $wpdb->prepare( "WHERE g.id NOT IN ({$exclude_groups})");
+            $where_sql = "WHERE g.id NOT IN ({$exclude_groups})";
 
         if ( !empty( $hide_empty_groups ) )
-            $groups = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT g.* FROM {$bp->profile->table_name_groups} g INNER JOIN {$bp->profile->table_name_fields} f ON g.id = f.group_id {$where_sql} ORDER BY g.group_order ASC" ) );
+            $groups = $wpdb->get_results( "SELECT DISTINCT g.* FROM {$bp->profile->table_name_groups} g INNER JOIN {$bp->profile->table_name_fields} f ON g.id = f.group_id {$where_sql} ORDER BY g.group_order ASC" );
         else
-            $groups = $wpdb->get_results( $wpdb->prepare( "SELECT DISTINCT g.* FROM {$bp->profile->table_name_groups} g {$where_sql} ORDER BY g.group_order ASC" ) );
+            $groups = $wpdb->get_results( "SELECT DISTINCT g.* FROM {$bp->profile->table_name_groups} g {$where_sql} ORDER BY g.group_order ASC" );
 
         if ( empty( $fetch_fields ) )
@@ -165 +165 @@
 
         if ( !empty( $exclude_fields_cs ) ) {
-            $exclude_fields_sql = $wpdb->prepare( "AND id NOT IN ({$exclude_fields_cs})" );
+            $exclude_fields_sql = "AND id NOT IN ({$exclude_fields_cs})";
         } else {
             $exclude_fields_sql = '';
@@ -171 +171 @@
 
         // Fetch the fields
-        $fields = $wpdb->get_results( $wpdb->prepare( "SELECT id, name, description, type, group_id, is_required FROM {$bp->profile->table_name_fields} WHERE group_id IN ( {$group_ids} ) AND parent_id = 0 {$exclude_fields_sql} ORDER BY field_order" ) );
+        $fields = $wpdb->get_results( "SELECT id, name, description, type, group_id, is_required FROM {$bp->profile->table_name_fields} WHERE group_id IN ( {$group_ids} ) AND parent_id = 0 {$exclude_fields_sql} ORDER BY field_order" );
 
         if ( empty( $fields ) )
@@ -332 +332 @@
         global $wpdb, $bp;
 
-        $levels = $wpdb->get_results( $wpdb->prepare( "SELECT object_id, meta_key, meta_value FROM {$bp->profile->table_name_meta} WHERE object_type = 'field' AND ( meta_key = 'default_visibility' OR meta_key = 'allow_custom_visibility' )" ) );
+        $levels = $wpdb->get_results( "SELECT object_id, meta_key, meta_value FROM {$bp->profile->table_name_meta} WHERE object_type = 'field' AND ( meta_key = 'default_visibility' OR meta_key = 'allow_custom_visibility' )" );
 
         // Arrange so that the field id is the key and the visibility level the value
@@ -1198 +1198 @@
 
         if ( !empty( $exclude_fullname ) )
-            $exclude_sql = $wpdb->prepare( " AND pf.id != 1" );
+            $exclude_sql = " AND pf.id != 1";
 
         return $wpdb->get_results( $wpdb->prepare( "SELECT pf.type, pf.name, pd.value FROM {$bp->profile->table_name_data} pd INNER JOIN {$bp->profile->table_name_fields} pf ON pd.field_id = pf.id AND pd.user_id = %d {$exclude_sql} ORDER BY RAND() LIMIT 1", $user_id ) );