WordPress.org

Support

Support » Plugins and Hacks » Hacks » [Resolved] Access database outside of WordPress 3.9

[Resolved] Access database outside of WordPress 3.9

  • I have been using the code below in a custom .php file outside of WordPress. The code worked without any issues until upgrading to 3.9 or 3.9.1.

    define( 'SHORTINIT', true );
    
    require_once( $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-load.php' );
    
    global $wpdb;
    $tourney = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM database WHERE player_name='".$player."' And season='".$season."' And status='' ORDER BY date DESC", $null ), ARRAY_N );

    Now this error appears:

    Call to undefined function __() in /home1/public_html/blog/wp-includes/wp-db.php

    What would be the proper method of querying a database outside of WordPress?

Viewing 3 replies - 1 through 3 (of 3 total)
  • It seems using $wpdb>prepare does not work outside of WordPress.

    Omitting $wpdb>prepare in my query now works but I’d sure like to know why it worked before and not now if it is included.

    $tourney = $wpdb->get_results( "SELECT * FROM database WHERE player_name='".$player."' And season='".$season."' And status='' ORDER BY date DESC", ARRAY_N );

    RossMitchell
    Participant

    @rossmitchell

    Your problem is that you are not using prepare correctly. This is what you need (assuming that player and season are strings):

    $tourney = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM database WHERE player_name='%s' And season='%s' And status='' ORDER BY date DESC", $player, $season ), ARRAY_N );

    It really is important to prevent user input being passed through to database functions. This is a common attack called “SQL injection”, here is a cartoon about this http://xkcd.com/327/

    Thank you. That worked.

    I will replace $null within my code to be the variable names of the values being passed.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Resolved] Access database outside of WordPress 3.9’ is closed to new replies.