我有一个为wordpress网站定制的插件,该网站是php5上的在线汽车社区。6、我最初并没有开发这个网站,但现在是网站的保管人。我的编程知识有限。我的插件在不同的地方大约有6行,如下所示:
$title = mysql_escape_string(stripslashes($_POST[\'title\']));
$content = mysql_escape_string(stripslashes($_POST[\'article\']));
return mysql_escape_string(stripslashes($_POST[$value]));
我需要转到PHP7,但这当然是一种过时的与数据库交互的方法。
我希望有人能帮助我提出一种最干净、最可靠的方法,用wpdb查询或esq\\U sql方法来替换这一行。我在许多文章中都看到了这一点,但我不知道正确的语法或安全含义,因为我的行中也有“stripslashes”。
提前谢谢。
我的插件函数内部的行示例如下:
function getPostValueOrNothing($value) {
if (isset($_POST[$value])) {
return mysql_escape_string(stripslashes($_POST[$value]));
} else {
return "";
}
}
您可以在以下代码段中看到对这一点的重复依赖:
<?php global $post;
$author_id = bp_displayed_user_id();
$user = get_user_by(\'id\', $author_id);
if (is_user_logged_in() && $author_id == get_current_user_id() && isset($_POST[\'userpinfield\'])) {
if ($_POST[\'userpinfield\'] != "") {
echo "<p>Validation error</p>";
} else {
$post_id = -1;
$attach_id = -1;
$meta_key = "car_id";
$title = getPostValueOrNothing(\'title\');
$content = $_POST[\'article\'];
$year = getPostValueOrNothing(\'year\');
$pdate = getPostValueOrNothing(\'pdate\');
$reg = getPostValueOrNothing(\'reg\');
$commNo = getPostValueOrNothing(\'commNo\');
$engineNo = getPostValueOrNothing(\'engineNo\');
$vin = getPostValueOrNothing(\'vin\');
$colour = getPostValueOrNothing(\'colour\');
$ccolour = getPostValueOrNothing(\'to_close_colour\');
$mileage = getPostValueOrNothing(\'mileage\');
$location = getPostValueOrNothing(\'location\');
if (isset($_POST[\'post_id\']) && $_POST[\'post_id\'] == -1) {
if (null == get_page_by_title($title)) {
$slug = str_replace(" ", "-", strtolower($title));
} else {
$titleSlug = $title . "" . rand(1, 9);
while (null != get_page_by_title($title)) {
$titleSlug = $titleSlug . "" . rand(1, 9);
}
$slug = str_replace(" ", "-", strtolower($titleSlug));
}
//Generate post
$post_id = wp_insert_post(
array(
\'comment_status\' => (!empty($_POST[\'comment_status\']))? $_POST[\'comment_status\'] : \'closed\',
\'ping_status\' => \'closed\',
\'post_author\' => $author_id,
\'post_name\' => $slug,
\'post_title\' => $title,
\'post_content\' => $content,
\'post_status\' => \'publish\',
\'post_type\' => \'to_car\'
)
);
//Generate Topic post
$topic_id = wp_insert_post(
array(
\'comment_status\' => \'closed\',
\'ping_status\' => \'closed\',
\'post_author\' => $author_id,
\'post_name\' => $slug . \'topic\',
\'post_title\' => $title,
\'post_content\' => $content,
\'post_status\' => \'publish\',
\'comment_stattus\' => \'open\',
\'post_type\' => \'topic\'
)
);
add_post_meta($topic_id, $meta_key, $post_id);
add_post_meta($topic_id, \'_bbp_forum_id\', $topic_id);
add_post_meta($topic_id, \'_bbp_topic_id\', $topic_id);
add_post_meta($topic_id, \'_bbp_last_active_time\', date(\'Y-m-d H:m:s\'));
add_post_meta($topic_id, \'_bbp_author_ip\', $_SERVER[\'REMOTE_ADDR\']);
add_post_meta($post_id, \'topic_id\', $topic_id);
add_post_meta($post_id, \'to_year\', $year);
add_post_meta($post_id, \'to_vin\', $vin);
add_post_meta($post_id, \'to_comm\', $commNo);
add_post_meta($post_id, \'to_engine_no\', $engineNo);
add_post_meta($post_id, \'to_reg\', $reg);
add_post_meta($post_id, \'to_date\', $pdate);
add_post_meta($post_id, \'to_mileage\', $mileage);
add_post_meta($post_id, \'to_colour\', $colour);
add_post_meta($post_id, \'to_close_colour\', $ccolour);
add_post_meta($post_id, \'to_views\', 0);
if (!function_exists(\'media_handle_upload\')) {
require_once(ABSPATH . "wp-admin" . \'/includes/image.php\');
require_once(ABSPATH . "wp-admin" . \'/includes/file.php\');
require_once(ABSPATH . "wp-admin" . \'/includes/media.php\');
}
if ($_FILES) {
foreach ($_FILES as $file => $array) {
if ($_FILES[\'feature\'][\'error\'] !== UPLOAD_ERR_OK) {
if ($_FILES[\'feature\'][\'error\'] != 4) {
echo "upload error : " . $_FILES[\'feature\'][\'error\'];
}
} else {
$attach_id = media_handle_upload(\'feature\', $post_id);
}
}
}
if ($attach_id > 0) {
update_post_meta($post_id, \'_thumbnail_id\', $attach_id);
}
$terms = get_terms(\'to_make\');
if ($terms) {
foreach ($terms as $term) {
$modelValue = getPostValueOrNothing(\'model\' . $term->term_id);
if ($modelValue != "") {
update_post_meta($post_id, \'to_model\', $modelValue);
break;
}
}
}
$post = get_post($post_id);
$dummyUrl = plugins_url(\'/imgs/noCar.png\', __FILE__);
$html = \'<div><span>Added a new Car</span></div><div><a href="\' . get_bloginfo(\'url\') . \'/to-car/\' . $post->post_name . \'">\';
if (has_post_thumbnail()) {
$html .= \'<img src="\' . get_the_post_thumbnail_url(get_the_ID(), \'thumbnail\') . \'" title="\' . get_the_title() . \'" alt="\' . get_the_title() . \'" />\';
}else{
$html .= \'<img src="\' . $dummyUrl . \'" title="\' . get_the_title() . \'" alt="\' . get_the_title() . \'" />\';
}
$html .= \'<div><span>\' . get_the_title() . \'</span></div>\';
$html .= \'</a></div>\';
bp_fmsu_generate_activity($author_id, $slug, $html);
echo "<p>Car Saved!</p>";
} else {
$post_id = mysqli_real_escape_string(stripslashes($_POST[\'post_id\']));
if (is_nan($post_id)) {
echo "Unable to update the classified posting";
} else {
$current_item = array(
\'ID\' => $post_id,
\'post_title\' => $title,
\'post_content\' => $content,
\'comment_status\' => (!empty($_POST[\'comment_status\']))? $_POST[\'comment_status\'] : \'closed\',
);
wp_update_post($current_item, true);
if (is_wp_error($post_id)) {
$errors = $post_id->get_error_messages();
foreach ($errors as $error) {
echo $error;
}
} else {
update_post_meta($post_id, \'to_year\', $year);
update_post_meta($post_id, \'to_vin\', $vin);
update_post_meta($post_id, \'to_comm\', $commNo);
update_post_meta($post_id, \'to_engine_no\', $engineNo);
update_post_meta($post_id, \'to_reg\', $reg);
update_post_meta($post_id, \'to_date\', $pdate);
update_post_meta($post_id, \'to_mileage\', $mileage);
update_post_meta($post_id, \'to_colour\', $colour);
update_post_meta($post_id, \'to_close_colour\', $ccolour);
update_post_meta($post_id, \'to_views\', 0);
//Generate Topic post
if (!function_exists(\'media_handle_upload\')) {
require_once(ABSPATH . "wp-admin" . \'/includes/image.php\');
require_once(ABSPATH . "wp-admin" . \'/includes/file.php\');
require_once(ABSPATH . "wp-admin" . \'/includes/media.php\');
}
if ($_FILES) {
foreach ($_FILES as $file => $array) {
if ($_FILES[\'feature\'][\'error\'] !== UPLOAD_ERR_OK) {
if ($_FILES[\'feature\'][\'error\'] != 4) {
echo "upload error : " . $_FILES[\'feature\'][\'error\'];
}
} else {
echo "file uploaded";
$attach_id = media_handle_upload(\'feature\', $post_id);
}
}
}
if ($attach_id > 0) {
update_post_meta($post_id, \'_thumbnail_id\', $attach_id);
}
$post = get_post($post_id);
$dummyUrl = plugins_url(\'/imgs/noCar.png\', __FILE__);
$html = \'<div><span>Updated a Car</span></div><div><a href="\' . get_the_permalink() . \'">\';
if (has_post_thumbnail()) {
$html .= \'<img src="\' . get_the_post_thumbnail_url(get_the_ID(), \'thumbnail\') . \'" title="\' . get_the_title() . \'" alt="\' . get_the_title() . \'" />\';
} else{
$html .= \'<img src="\' . $dummyUrl . \'" title="\' . get_the_title() . \'" alt="\' . get_the_title() . \'" />\';
}
$html .= \'<div><span>\' . get_the_title() . \'</span></div>\';
$html .= \'</a></div>\';
bp_fmsu_generate_activity($author_id, $slug, $html);
echo \'<p class="ajaxmessage">Car updated!</p>\';
}
}
}
}
}
?>
