Skip to:
Content

BuddyPress.org


Ignore:
Timestamp:
12/10/2012 06:07:53 AM (13 years ago)
Author:
johnjamesjacoby
Message:

Query variable and prepare() usage audit. See #4654. (1.6 branch)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/1.6/bp-groups/bp-groups-classes.php

    r6557 r6575  
    11351135        // If the user is logged in and viewing their random groups, we can show hidden and private groups
    11361136        if ( bp_is_my_profile() ) {
    1137             return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
     1137            return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT group_id FROM {$bp->groups->table_name_members} WHERE user_id = %d AND is_confirmed = 1 AND is_banned = 0 ORDER BY rand() LIMIT {$total_groups}", $user_id ) );
    11381138        } else {
    1139             return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT $total_groups", $user_id ) );
     1139            return $wpdb->get_col( $wpdb->prepare( "SELECT DISTINCT m.group_id FROM {$bp->groups->table_name_members} m, {$bp->groups->table_name} g WHERE m.group_id = g.id AND g.status != 'hidden' AND m.user_id = %d AND m.is_confirmed = 1 AND m.is_banned = 0 ORDER BY rand() LIMIT {$total_groups}", $user_id ) );
    11401140        }
    11411141    }
Note: See TracChangeset for help on using the changeset viewer.