Error with WP 3.5: wpdb::prepare() (61 posts)

  1. adrianhuma
    Member
    Posted 1 year ago #

    Anyone? Please. I want to go online with the site but I'm afraid of an SQL injection...

  2. AlexRayan
    Member
    Posted 1 year ago #

    Hi Adrian,

    This is how to fix the following.

    From:
    $has_children = $wpdb->get_var($wpdb->prepare("SELECT COUNT(meta_id) FROM $wpdb->postmeta WHERE meta_key='_menu_item_menu_item_parent' AND meta_value='".$item->ID."'"));

    To:

    $itemID = $item->ID;
    $has_children = $wpdb->get_var($wpdb->prepare("SELECT COUNT(meta_id) FROM $wpdb->postmeta WHERE meta_key='_menu_item_menu_item_parent' AND meta_value='%d'",$itemID));

    The pattern is the following:

    //OLD:
    $wpdb->prepare( "SELECT * FROM some_table WHERE ID = $id AND name = $name" );
    //NEW:
    $wpdb->prepare( "SELECT * FROM some_table WHERE ID = %d AND name = %s", $id, $name );

    You pass the variables as a second parameter of prepare() function and use %d (for integers), %s (for strings), or %f (for floats) in the place of the variables in the first argument.

    Best regards,
    Alex

  3. adrianhuma
    Member
    Posted 1 year ago #

    Alex, thanks a lot.
    I tried it and it worked.
    One more thing Alex, can I contact you for some custom work?
    Thanks

  4. AlexRayan
    Member
    Posted 1 year ago #

    Sure thing, Adrian.
    Email me at alex@alexiz.com and we'll discuss.

    Best regards,
    Alex

  5. jlboelen
    Member
    Posted 1 year ago #

    Hi Adrian,

    Would you perhaps also be able to fix the code that I posted earlier? Here is the code:

    $where = $wpdb->prepare("WHERE p.post_date < '".$current_post_date."' AND p.post_type = '". $post->post_type ."' AND p.post_status = 'publish' AND p.ID != '". $post->ID ."' $posts_in_ex_cats_sql");

    I checked your pattern suggestion above, but I am not sure how to fix it :(

    Thanks!

    Jasper

  6. AlexRayan
    Member
    Posted 1 year ago #

    Hi Jasper,

    Try this, although the last part of the code is a little weird:

    $where = $wpdb->prepare("WHERE p.post_date < '%s' AND p.post_type = '%s' AND p.post_status = 'publish' AND p.ID != '%d' %s", $current_post_date, $post->post_type, $post->ID, $posts_in_ex_cats_sql);

    Best regards,
    Alex

  7. siutouamy
    Member
    Posted 11 months ago #

    Is this topic still active?
    I'm having this issue with this warning

    Warning: Missing argument 2 for wpdb::prepare(), ****/banner-garden/bannergarden.class.php on line 404 and defined in *wp-includes/wp-db.php on line 992

    $count_of_banners = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->b_table." WHERE b_campaign = ".$camp->c_id));

    Warning: Missing argument 2 for wpdb::prepare(), called in /***/banner-garden/bannergarden.class.php on line 383 and defined in /***/wp-includes/wp-db.php on line 992

    $name = $wpdb->get_var($wpdb->prepare("SELECT c_name FROM ".$this->c_table." WHERE c_id = ".$c_id));

    Warning: Missing argument 2 for wpdb::prepare(), called in /***/banner-garden/bannergarden_frontend.class.php on line 141 and defined in /***/wp-includes/wp-db.php on line 992

    $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->c_table." WHERE c_id = ".$c_id));

    I added ", $id, $name" (can you tell I'm null at this?) as this pointed, and it got rid of the warnings but the plugin isn't letting me add new banners or modify them.

  8. 501dash
    Member
    Posted 11 months ago #

    Hello Guys,

    I am having the same problem and understand the concept of changing, or adding the 2 argument, if you will, but I really have no idea of which one to change. I am using Classipress and on the side bar, right above the sub-categories I get this message:

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-refine.php on line 27 and defined in /home/content/57/11469657/html/501/miami/wp-includes/wp-db.php on line 992

    And then just above the ad picture I have this message:

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-functions.php on line 403 and defined in /home/content/57/11469657/html/501/miami/wp-includes/wp-db.php on line 992

    When I open the files where the changes have to be made I find a lot of those "arguments" and then I don't know what to change. Can anyone help?

    Thanks!

  9. AlexRayan
    Member
    Posted 11 months ago #

    Hi 501dash,

    Could you please post the code from these lines (line 27 from theme-refine.php and line 403 from theme-functions.php) here so I could take a look at what to change?

    Regards,
    Alex

  10. AlexRayan
    Member
    Posted 11 months ago #

    Hi Siutouamy,

    In what way did you change this line?
    $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->c_table." WHERE c_id = ".$c_id));

    It should be:
    $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM %s WHERE c_id = %d", $this->c_table, $this->c_id));

    There are no $id or $name variables in your example. Please make sure you passed the correct variables.

    Regards,
    Alex

  11. 501dash
    Member
    Posted 11 months ago #

    Hello AlexRayan,

    Thanks for your reply. I am not so smart with WordPress yet, so, where would I find these pages? I looked in the wp-includes folder but can't find them. I have not changed anything yet.

    Thanks!

  12. AlexRayan
    Member
    Posted 11 months ago #

    Hi 501dash,

    The files should be here:
    /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-refine.php
    &
    /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-functions.php

    as the warning message points out.

    If you're connecting via ftp, please go to your themes folder and look for a theme called "Classipress". Then look into includes directory there.
    Both files should be there.
    If you don't see them, then the theme that's being called is located somewhere else. The root of the WP site should be 'miami' as the path suggests.

    Regards,
    Alex
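
Added example, not part of the thread and not WordPress's or any theme's code: the warning is only raised for calls that actually run, so a token-based pass over a theme or plugin file can list every prepare() call that passes nothing but the query string. The function name `single_arg_prepare_lines` and the sample source are constructed for illustration.

```php
<?php
// Lists the line numbers of ->prepare() calls that pass only a query string.
// Heuristic: it counts commas directly inside prepare( ... ), nothing more.
function single_arg_prepare_lines(string $source): array {
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $lines  = [];
    for ($i = 1; $i < $count; $i++) {
        $tok = $tokens[$i];
        $isPrepare = is_array($tok) && $tok[0] === T_STRING
            && strtolower($tok[1]) === 'prepare'
            && is_array($tokens[$i - 1])
            && $tokens[$i - 1][0] === T_OBJECT_OPERATOR;
        if (!$isPrepare) {
            continue;
        }
        $depth = $commas = 0;
        for ($j = $i + 1; $j < $count; $j++) {
            if (is_array($tokens[$j])) {
                continue; // strings, variables, whitespace: never separators
            }
            $ch = $tokens[$j];
            if ($depth === 0 && $ch !== '(') {
                $commas = -1; // "prepare" is not followed by a call here
                break;
            }
            if ($ch === '(' || $ch === '[') {
                $depth++;
            } elseif ($ch === ')' || $ch === ']') {
                if (--$depth === 0) {
                    break;
                }
            } elseif ($ch === ',' && $depth === 1) {
                $commas++;
            }
        }
        if ($commas === 0) {
            $lines[] = $tok[2];
        }
    }
    return $lines;
}
// Constructed sample: line 2 is the single-argument form, line 3 binds a value.
$sample = <<<'PHP'
<?php
$a = $wpdb->get_var($wpdb->prepare("SELECT c_name FROM $t WHERE c_id = ".$c_id));
$b = $wpdb->get_var($wpdb->prepare("SELECT c_name FROM $t WHERE c_id = %d", $c_id));
PHP;
print_r(single_arg_prepare_lines($sample));
```

Each reported line still has to be read by hand: a query with no variable parts needs no placeholder, while one that concatenates a variable needs the value moved into an argument.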

  13. 501dash
    Member
    Posted 11 months ago #

    Hi AlexRayan,

    This is the full content of that page: theme-refine

    [Moderator note - That's way too much code to post here and you did not use the code buttons so it messed up the forum - please post to a pastebin - see:
    http://codex.wordpress.org/Forum_Welcome#Posting_Code]

    I am looking for the other one now...

    Thanks

  14. 501dash
    Member
    Posted 11 months ago #

    Codes removed...

    AlexRayan,

    Should I email them to you?

    Thanks!

  15. WPyogi
    Volunteer Moderator
    Posted 11 months ago #

    @501dash - that's way too much code to post here - please post to a pastebin - see:

    http://codex.wordpress.org/Forum_Welcome#Posting_Code

  16. 501dash
    Member
    Posted 11 months ago #

    AlexRayan,

    Should I email them to you?

  17. AlexRayan
    Member
    Posted 11 months ago #

    Hi 501dash,

    here's what you need to change in the theme-refine.php file:
    FROM:
    $results = $wpdb->get_results( $sql = $wpdb->prepare( "SELECT ID, form_cats FROM ". $wpdb->prefix . "cp_ad_forms WHERE form_status = 'active'" ) );
    TO:
    $results = $wpdb->get_results( $sql = $wpdb->prepare( "SELECT ID, form_cats FROM %s cp_ad_forms WHERE form_status = 'active'", $wpdb->prefix ) );

    Regards,
    Alex
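
Added example, not part of the thread and not WordPress's own code: it shows how the placeholder pattern from the replies above treats a value bound with %d or %s, and what happens to a table name passed through %s. `demo_prepare` is a simplified stand-in for `$wpdb->prepare()`; the table names, the allowlist and the input values are constructed.

```php
<?php
// Simplified stand-in for $wpdb->prepare(), written for this example only.
// It models two behaviours: %d formats the argument as an integer, and %s is
// escaped and wrapped in single quotes. It is not WordPress's implementation
// (addslashes() stands in for the database-aware escaping WordPress uses).
function demo_prepare(string $query, ...$args): string {
    // Quotes typed around %s are dropped, then added back once.
    $query = str_replace(["'%s'", '"%s"'], '%s', $query);
    $query = str_replace('%s', "'%s'", $query);
    $args  = array_map(fn($a) => is_string($a) ? addslashes($a) : $a, $args);
    return vsprintf($query, $args);
}

// Table names are identifiers, not values: check them against a fixed list
// and place them in the SQL text; only the value goes through a placeholder.
function campaign_count_sql(string $table, $c_id): string {
    $allowed = ['wp_bg_campaigns', 'wp_bg_banners']; // constructed allowlist
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException("unexpected table: $table");
    }
    return demo_prepare("SELECT count(*) FROM `$table` WHERE c_id = %d", $c_id);
}

$table = 'wp_bg_campaigns'; // constructed table name
$input = '7 OR 1=1';        // constructed request value

// 1. Concatenation: the input becomes part of the SQL syntax.
echo "SELECT count(*) FROM $table WHERE c_id = " . $input, "\n";
// 2. %d placeholder: only the integer part of the input reaches the query.
echo demo_prepare("SELECT count(*) FROM $table WHERE c_id = %d", $input), "\n";
// 3. %s placeholder: quote characters inside the value are escaped.
echo demo_prepare("SELECT c_id FROM $table WHERE c_name = %s", "x' OR '1'='1"), "\n";
// 4. Table name through %s: it is quoted like a string value, so the
//    statement no longer names a table.
echo demo_prepare("SELECT count(*) FROM %s WHERE c_id = %d", $table, 7), "\n";
// 5. Allowlisted table name in the SQL text, value through %d.
echo campaign_count_sql($table, $input), "\n";
```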

  18. 501dash
    Member
    Posted 11 months ago #

    AlexRayan,

    I tried changing it but it didn't work.
    Can I email it to you? Maybe I am doing something totally wrong...

    Thanks!

  19. AlexRayan
    Member
    Posted 11 months ago #

    Sure, email me the php files in a zip (so they don't get blocked by mail) - alex (at) alexiz.com.

  20. Chrigel
    Member
    Posted 10 months ago #

    Hi

    Can somebody help me? I get the following error message:

    Warning: Missing argument 2 for wpdb::prepare(), called in ......plugins/secure-wordpress/inc/swUtil.php on line 137 and defined in .....wp-includes/wp-db.php on line 992

    These are the lines:

    Line 137 in swUtil.php
    $obj->data = $wpdb->prepare($out);

    Line 992 in wp-db.php
    function prepare( $query, $args ) {

    Thank you

    Christian

  21. AlexRayan
    Member
    Posted 10 months ago #

    Hi Christian,

    Could you please post the code that is in variable $out since this is the one you would need to change. It should be defined before line 137.

    Best regards,
    Alex

  22. Chrigel
    Member
    Posted 10 months ago #

    Hi Alex

    I can't find it. I am sending you the file by e-mail. Then we can post the answer in the forum.

    Christian

  23. Chrigel
    Member
    Posted 10 months ago #

    @Alex

    Did you get my email with the file?

    Christian

  24. AlexRayan
    Member
    Posted 10 months ago #

    Hi Christian,

    Yes, I did and replied to you yesterday to your email.
    Just in case you didn't get it, here's my reply:

    I looked through the file and you can actually just remove prepare() from here since the data in $out is being validated when the posts are being saved from the back end.

    So, please change this line 137 from:

    $obj->data = $wpdb->prepare($out);

    to

    $obj->data = $out;

    Please let me know if it works for you.

    Best regards,
    Alex

  25. Chrigel
    Member
    Posted 10 months ago #

    Hi Alex

    Thank you very much!

    The error message is gone. It looks like it's working.

    Best regards

    Christian

  26. Chrigel
    Member
    Posted 10 months ago #

    Hi

    I have an error again in one of the php files.

    Error message:
    Too few arguments in...
    ....wp-content/themes/CherryFramework/title.php on line 29

    Below are lines 21 to 31. Line 29 is in bold.

    ------------------------------

    <?php } elseif ( is_category() ) { ?>

    <?php printf( theme_locals("category_archives").": %s", '<small>' . single_cat_title( '', false ) . '</small>' ); ?>

    <?php echo category_description(); /* displays the category's description from the WordPress admin */ ?>

    <?php } elseif ( is_tax('portfolio_category') ) { ?>

    <?php echo theme_locals("portfolio_category").": "; ?>

    ------------------------------

    Best regards

    Christian

  27. Vukistar
    Member
    Posted 10 months ago #

    Hello Alex

    I have this problem appearing when accessing my website.

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/a12261/public_html/wp-content/plugins/groups/lib/core/class-groups-user.php on line 151
    and defined in /home/a12261/public_html/wp-includes/wp-db.php on line 992

    Please advise
    Vukistar

  28. Vukistar
    Member
    Posted 10 months ago #

    I made a few changes on line 151 and now it says...
    Parse error: syntax error, unexpected T_STRING in /home......../class-groups-user.php on line 157
    This is line 157
    "SELECT group_id FROM $user_group_table WHERE user_id = %d",
    Please can someone advise me here.

  29. wendybert
    Member
    Posted 10 months ago #

    Hi -

    I am having the same problem - my warning is:

    Warning: Missing argument 2 for wpdb::prepare(), called in /home/columbin/public_html/wp-content/themes/revelation-theme/lib/theme-sidebars.php on line 51 and defined in /home/columbin/public_html/wp-includes/wp-db.php on line 992

    Line 51 is:
    $widgetized_pages = $wpdb->get_col( $wpdb->prepare("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'celta_sidebar'" ) );

    From a previous forum reply, I changed Line 51 to:
    $widgetized_pages = $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'celta_sidebar'" );

    The error message no longer appears on the site, however my admin login page is completely blank, ie I can't log in...

    Can you help? Thank you!

  30. mikeburton_2000
    Member
    Posted 9 months ago #

    I'm sorry to add more to the list. I've read the info and tried to make it right but I just seem to make more errors.
    My error message is;
    Warning: Missing argument 2 for wpdb::prepare(), called in/wp-content/themes/dt-nimble/functions/core/core-filters.php on line 8 and defined in wp-includes/wp-db.php on line 992

    core-filters file reads;
    <?php

    function dt_core_parents_where_filter( $where ) {
        if( function_exists('dt_storage') ) {
            global $wpdb;
            $param = dt_storage('where_filter_param');
            if( $param ) {
                $where .= sprintf( " AND $wpdb->posts.post_parent IN(%s)", $wpdb->prepare($param) );
            }else {
                $where .= ' AND 1=0';
            }
        }
        return $where;
    }

    function dt_core_join_left_filter( $parts ) {
        if( isset($parts['join']) && !empty($parts['join']) ) {
            $parts['join'] = str_replace( 'INNER', 'LEFT', $parts['join']);
        }
        return $parts;
    }

    function dt_core_media_item_remove_insert_button( $args = array() ) {
        if( isset($args['send']) )
            $args['send'] = false;
        return $args;
    }

    function dt_inset_into_post_filter ( $html, $id, $caption, $title, $align, $url ) {
        if ( isset( $url ) ) {
            $html = str_replace( 'href=', 'class="highslide" onclick="return hs.expand(this)" href=', $html );
        }
        return $html;
    }
    //add_filter( 'image_send_to_editor', 'dt_inset_into_post_filter', 10, 6 );
    ?>

    Is it possible one of you nice people could help me out? I have contacted the theme provider but their person is away until the 30th Sep and I don't think I want the message for the world to see for that long.

    Many Thanks in advance
    Mike B

Topic Closed

This topic has been closed to new replies.
