Relevanssi - A Better Search
[resolved] WP 3.5 WPDB->Prepare Error (6 posts)

  1. Frank Staude
    Member
    Posted 1 year ago #

    Hi,

    Dashboard -> user searches says

    Warning: Missing argument 2 for wpdb::prepare(), called in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-content/plugins/relevanssi/lib/interface.php on line 498 and defined in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-includes/wp-db.php on line 990
    
    Warning: Missing argument 2 for wpdb::prepare(), called in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-content/plugins/relevanssi/lib/interface.php on line 499 and defined in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-includes/wp-db.php on line 990
    
    Warning: Missing argument 2 for wpdb::prepare(), called in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-content/plugins/relevanssi/lib/interface.php on line 500 and defined in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-includes/wp-db.php on line 990
    
    Warning: Missing argument 2 for wpdb::prepare(), called in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-content/plugins/relevanssi/lib/interface.php on line 501 and defined in /var/www/vhosts/xyz.de/subdomains/test/httpdocs/wp-includes/wp-db.php on line 990

    For the quickfix, replace lines 498-501 in lib/interface.php with the lines

    $count['Today and yesterday'] = $wpdb->get_var( "SELECT COUNT(id) FROM $log_table WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 1;" );
    $count['Last 7 days'] = $wpdb->get_var( "SELECT COUNT(id) FROM $log_table WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 7;" );
    $count['Last 30 days'] = $wpdb->get_var( "SELECT COUNT(id) FROM $log_table WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 30;" );
    $count['Forever'] = $wpdb->get_var( "SELECT COUNT(id) FROM $log_table;" );

    http://wordpress.org/extend/plugins/relevanssi/

  2. Mikko Saari
    Member
    Plugin Author

    Posted 1 year ago #

    I'm aware of this, and it'll be fixed in the next version.

  3. htrex
    Member
    Posted 1 year ago #

    Frank, your hotfix doesn't seem really risky but according to
    http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/ the code should be changed with something like this:

    $count['Today and yesterday'] = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM %s WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 1;", $log_table ) );
    $count['Last 7 days'] = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM %s WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 7;", $log_table ) );
    $count['Last 30 days'] = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM %s WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 30;", $log_table ) );
    $count['Forever'] = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(id) FROM %s;", $log_table ) );

  4. Frank Staude
    Member
    Posted 1 year ago #

    Hello,

    Since the variable $log_table contains the name of the table and not a parameter that is passed in from the outside, I cannot see where the risk is in doing without the prepared statement, especially since $log_table was used this way in the original and was not passed as a parameter to the prepare function.

    Actually, I wanted to use prepare, but in a rush I failed to pass the table name to a prepared statement.

    But $wpdb->prepare( "SELECT COUNT(id) FROM %s WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= 1;", $log_table )
    doesn't work at my installation.

    frank

  5. htrex
    Member
    Posted 1 year ago #

    Sure, you're right Frank, stripping away the prepare statement in this specific case doesn't seem to directly expose to any risk, but the move from WP core devs is to raise awareness for a better WP ecosystem coding practice, so thought to share that post for reference.

  6. Mikko Saari
    Member
    Plugin Author

    Posted 1 year ago #

    The next version will fix this by removing the prepare statements - I think that is the correct way to do this, because the table name is not really a value in the first place.

Topic Closed

This topic has been closed to new replies.
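
The point made in posts 4 and 6, that a table name is an identifier and not a value, shown as an added example (not code from Relevanssi or WordPress). `demo_prepare()` and `quote_identifier()` are hypothetical helpers written for this illustration, and the table name is a constructed sample.

```php
<?php
// Simplified stand-in for the placeholder handling discussed in the thread:
// %s becomes a quoted, escaped string literal and %d an integer.
// Hypothetical helper for illustration; it is not WordPress's wpdb::prepare().
function demo_prepare(string $query, ...$args): string {
    $i = 0;
    return preg_replace_callback('/%([sd])/', function ($m) use (&$i, $args) {
        if (!array_key_exists($i, $args)) {
            throw new InvalidArgumentException('missing argument for placeholder');
        }
        $arg = $args[$i++];
        return $m[1] === 'd'
            ? (string) (int) $arg
            : "'" . addslashes((string) $arg) . "'";
    }, $query);
}

// Identifiers cannot be bound as values, so validate them strictly
// (plain characters, MySQL's 64-character limit) and quote with backticks.
function quote_identifier(string $name): string {
    if (!preg_match('/\A[A-Za-z0-9_]{1,64}\z/', $name)) {
        throw new InvalidArgumentException("unsafe identifier: $name");
    }
    return '`' . $name . '`';
}

$log_table = 'wp_relevanssi_log'; // constructed sample table name

// Table name passed through %s: it is emitted as a string literal,
// which MySQL rejects in the FROM clause.
echo demo_prepare('SELECT COUNT(id) FROM %s WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= %d;',
    $log_table, 7), "\n";

// Table name validated and interpolated; only the day count uses a placeholder.
$sql = 'SELECT COUNT(id) FROM ' . quote_identifier($log_table)
     . ' WHERE TIMESTAMPDIFF(DAY, time, NOW()) <= %d;';
echo demo_prepare($sql, 7), "\n";

// A name that is not a plain identifier is refused before it reaches the query.
try {
    quote_identifier('wp_log; --');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```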
