WordPress.org


Jigoshop
Jigoshop using wpdb->prepare when not needed - throws warning (1 post)

  1. powderflask
    Member
    Posted 6 months ago #

    WP 3.8, PHP 5.3, Jigoshop 1.8

    wpdb->prepare() throws a warning when no parameters are passed, since this could signal a security issue.

    jigoshop_options_class.php throws this Warning at Line 188

    Original code:

    $options_in_use = $wpdb->get_results(
       $wpdb->prepare( "SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';" ));

    Note that there is nothing to "prepare" here - the SQL requires no substitutions. So, the prepare() call has no effect. Thus, the following is simpler and does not generate any warnings:

    $options_in_use = $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';");

    This is NOT a security issue, but since this warning CAN indicate a security issue, it would be nice to get rid of it.

    For more info about the issue in general, see http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/

    As always - thanks! Jigoshop ROCKS!

    http://wordpress.org/plugins/jigoshop/
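
Added example (not part of the original post and not Jigoshop code): a Python heuristic that scans PHP source for `$wpdb->prepare()` calls passed fewer than two arguments, the condition that triggers the warning described in the post. The sample input is constructed from the post's two snippets; `$name` and the function names are hypothetical.

```python
import re

# Constructed sample: the two calls from the post plus one prepare() call
# that does pass a value for its placeholder ($name is hypothetical).
SAMPLE_PHP = r'''
$options_in_use = $wpdb->get_results(
   $wpdb->prepare( "SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';" ));
$options_in_use = $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';");
$row = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->options} WHERE option_name = %s", $name ) );
'''

PREPARE_CALL = re.compile(r'\$wpdb\s*->\s*prepare\s*\(')

def count_args(src, i):
    """Count top-level arguments of a call, starting just after its '('.
    Heuristic: skips quoted strings and nested calls; ignores PHP comments/heredocs."""
    depth, commas, quote, seen = 1, 0, None, False
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == '\\':
                i += 1                      # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in '"\'':
            quote, seen = ch, True
        elif ch in '([{':
            depth, seen = depth + 1, True
        elif ch in ')]}':
            depth -= 1
            if depth == 0:
                return commas + (1 if seen else 0)
        elif ch == ',' and depth == 1:
            commas, seen = commas + 1, False
        elif not ch.isspace():
            seen = True
        i += 1
    return None                             # unbalanced, e.g. truncated file

def find_bare_prepare(src):
    """Return (line, arg_count) for each $wpdb->prepare() call with < 2 arguments."""
    calls = ((m, count_args(src, m.end())) for m in PREPARE_CALL.finditer(src))
    return [(src.count('\n', 0, m.start()) + 1, n)
            for m, n in calls if n is not None and n < 2]

if __name__ == '__main__':
    for line, n in find_bare_prepare(SAMPLE_PHP):
        print(f"line {line}: $wpdb->prepare() called with {n} argument(s)")
```

Each hit still needs a manual look: a query with no variables can drop `prepare()` as the post suggests, while a query that interpolates variables into the string needs placeholders and arguments instead.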
