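I modified an abandoned Stack Overflow-style badge plugin to work with WordPress 3.4.2, and it did. The full code is here: http://pastebin.com/Ta91zXiL
After upgrading to WordPress v3.5, I get the following warnings when publishing a post (or posting a comment):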
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Cannot modify header information - headers already sent by (output started at /public_html/wp-includes/wp-db.php:990) in /public_html/wp-includes/pluggable.php on line 876
So it seems to be related to lines 342 and 355:
function rhb_get_user_comment_count( $args = '' ) {
    global $wpdb;
    $comment_count = $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*)
        FROM " . $wpdb->prefix . "comments
        WHERE user_id = " . $args['user_ID'] . "
        AND comment_approved = '1'" ) ); // line 342
    return $comment_count;
}
function rhb_get_user_post_count( $args = '' ) {
    global $wpdb;
    $post_count = $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*)
        FROM " . $wpdb->prefix . "posts
        WHERE post_author = " . $args['user_ID'] . "
        AND post_status = 'publish'
        AND post_type = 'post'" ) ); // line 355
    return $post_count;
}
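I have spent the whole day trying to understand these warnings, without success. Can anyone help me fix this, so that we can have a working version of a really useful badge system for WP 3.5?
Best answer, by SO user: Chip Bennett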
Lead developer Nacin answers this one:
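Hello, plugin or theme author! You probably found this post after searching the Internet for the error above: "PHP Warning: Missing argument 2 for wpdb::prepare()."
This is a new warning in 3.5. No sites are broken, and everything is as fine as it was before. But this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. That's no fun!
Read the rest for further explanation.
As for fixing your existing code: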
$wpdb->prepare(
    "
    SELECT COUNT(*)
    FROM " . $wpdb->prefix . "comments
    WHERE user_id = " . $args['user_ID'] . "
    AND comment_approved = '1'
    "
)
First, clean up the unnecessary string concatenation, and use $wpdb->comments for the comments table:
$wpdb->prepare(
    "
    SELECT COUNT(*)
    FROM $wpdb->comments
    WHERE user_id = {$args['user_ID']}
    AND comment_approved = '1'
    "
)
Now, the warning relates to this part of the query:
WHERE user_id = {$args['user_ID']}
You need to replace {$args['user_ID']} with %d, and then pass $args['user_ID'] as the missing second argument:
$wpdb->prepare(
    "
    SELECT COUNT(*)
    FROM $wpdb->comments
    WHERE user_id = %d
    AND comment_approved = '1'
    ",
    $args['user_ID'] // %d
)
The second one should be similar:
$wpdb->prepare(
    "
    SELECT COUNT(*)
    FROM $wpdb->posts
    WHERE post_author = %d
    AND post_status = 'publish'
    AND post_type = 'post'
    ",
    $args['user_ID'] // %d
)
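
The two plugin functions from the question with the answer's placeholder fix applied in full, as an added example that is not part of the original answer or the plugin author's code. It assumes it runs inside WordPress (so $wpdb, wp_parse_args() and absint() are available); normalising the ID with absint() and returning an integer are additions made here.

```php
<?php
// Added example: rhb_get_user_comment_count() and rhb_get_user_post_count()
// from rh-badges.php, rewritten so the user ID is bound through %d.

function rhb_get_user_comment_count( $args = '' ) {
    global $wpdb;

    // Accept an array or query string; a missing user_ID defaults to 0.
    $args    = wp_parse_args( $args, array( 'user_ID' => 0 ) );
    // absint() reduces the value to a non-negative integer before it is bound,
    // so a string such as "0 OR 1=1" becomes 0 instead of reaching the SQL.
    $user_id = absint( $args['user_ID'] );

    // The query text is a constant; the only variable part goes through %d.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*)
           FROM $wpdb->comments
          WHERE user_id = %d
            AND comment_approved = '1'",
        $user_id
    );

    // get_var() returns a string or null; cast so callers always get an int.
    return (int) $wpdb->get_var( $sql );
}

function rhb_get_user_post_count( $args = '' ) {
    global $wpdb;

    $args    = wp_parse_args( $args, array( 'user_ID' => 0 ) );
    $user_id = absint( $args['user_ID'] );

    $sql = $wpdb->prepare(
        "SELECT COUNT(*)
           FROM $wpdb->posts
          WHERE post_author = %d
            AND post_status = 'publish'
            AND post_type = 'post'",
        $user_id
    );

    return (int) $wpdb->get_var( $sql );
}
```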