

[resolved] Plugin Is Unsafe Till PHP Warning: Missing argument 2 for wpdb::prepare() Is Fixed (3 posts)

  1. Meckin
    Posted 11 months ago #


    I just wanted to document this for other users who don't look at the write-up (http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/)

    "So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!"

    If you see this error at the top of your plugin, "Warning: Missing argument 2 for wpdb::prepare(), called in"

    According to this write-up, the plugin is unsafe, and might make you open to SQL injections.

    Till it's fixed I would turn it off, unless you look at http://wordpress.org/support/topic/missing-argument-2-for-wpdbprepare-17?replies=13 for a manual fix.

    I'm sorry, but I had to bring this to the attention of others.


  2. John Godley
    Plugin Author

    Posted 10 months ago #

    The warning is there to highlight queries that may be unsafe but could be non-obvious because they use $wpdb->prepare(). It does not mean that the queries are unsafe - the warning is erring on the side of caution.

  3. Meckin
    Posted 7 months ago #

    This has been fixed. Thanks for the update. Thanks for your help!
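
The pattern behind the warning discussed in this thread, as an added example that is not part of the original posts and is not the plugin's own code: a one-argument `$wpdb->prepare()` call that is injectable, the placeholder form that fixes it, and a one-argument call that triggers the warning without being injectable. The table name `example_items` and the function names are hypothetical; the code assumes it runs inside WordPress, where the global `$wpdb` exists.

```php
<?php
// Added illustration. Table and function names are hypothetical.
// Assumes a WordPress context, where the global $wpdb object is available.

// BEFORE: prepare() gets only the query string. There are no placeholders,
// so nothing is escaped, and $title is interpolated straight into the SQL.
// WordPress 3.5 raises "Missing argument 2 for wpdb::prepare()" here.
function example_find_by_title_unsafe( $title ) {
    global $wpdb;
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_items WHERE title = '$title'"
        )
    );
}

// AFTER: every variable value travels as a separate argument and is bound to
// a placeholder. %s is escaped and quoted by prepare(); %d is cast to int.
function example_find_by_title( $title, $limit ) {
    global $wpdb;
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_items WHERE title = %s LIMIT %d",
            $title,
            $limit
        )
    );
}

// Warning fires, but the query holds no variable input, so it is not
// injectable. This is the "erring on the side of caution" case.
function example_count_items_warns() {
    global $wpdb;
    return (int) $wpdb->get_var(
        $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}example_items" )
    );
}

// Same query without the warning: with nothing to bind, skip prepare().
function example_count_items() {
    global $wpdb;
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM {$wpdb->prefix}example_items"
    );
}
```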

