[resolved] Plugin Is Unsafe Till PHP Warning: Missing argument 2 for wpdb::prepare() Is Fixed (3 posts)

  1. Meckin
    Posted 3 years ago #


    I just wanted to document this for other users who don't look at the write-up (http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/)

    "So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!"

    If you see this error at the top of your plugin, "Warning: Missing argument 2 for wpdb::prepare(), called in"

    According to this write-up, the plugin is unsafe, and might make you open to SQL injections.

    Till it's fixed I would turn it off, unless you look at http://wordpress.org/support/topic/missing-argument-2-for-wpdbprepare-17?replies=13 for a manual fix.

    I'm sorry, but I had to bring this to the attention of others.


  2. John Godley
    Plugin Author

    Posted 2 years ago #

    The warning is there to highlight queries that may be unsafe but could be non-obvious because they use $wpdb->prepare(). It does not mean that the queries are unsafe - the warning is erring on the side of caution.

  3. Meckin
    Posted 2 years ago #

    This has been fixed. Thanks for the update. Thanks for your help!

Topic Closed

This topic has been closed to new replies.
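
An added example, not part of the thread and not the plugin's code: a small Python audit that finds `$wpdb->prepare()` calls made with a query string only (the case that raises the 3.5 warning) and separates static queries from ones that interpolate a PHP variable. The sample PHP, the table name and the variable names are constructed, and the `$` check is a heuristic that assumes `$wpdb->...` references such as the table prefix are not user input.

```python
import re

CALL = re.compile(r"->\s*prepare\s*\(")
WPDB_REF = re.compile(r"\{?\$wpdb->\w+\}?")  # e.g. {$wpdb->prefix}, not user input

def split_args(src, i):
    """Split a PHP argument list starting just after '(' at src[i].
    Commas inside strings or nested (), [] do not split."""
    args, cur, depth, quote = [], [], 0, None
    while i < len(src):
        ch = src[i]
        if quote:
            if ch == "\\":                 # keep escaped char, skip past it
                cur.append(src[i:i + 2]); i += 2; continue
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch in "([":
            depth += 1
        elif ch in ")]":
            if depth == 0:
                break                      # end of the prepare( ... ) call
            depth -= 1
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip()); cur = []; i += 1; continue
        cur.append(ch); i += 1
    last = "".join(cur).strip()
    return args + [last] if last else args

def audit(php_source):
    """Return (line, verdict) for every prepare() call with no value arguments."""
    findings = []
    for m in CALL.finditer(php_source):
        args = split_args(php_source, m.end())
        if len(args) >= 2:
            continue                       # query plus values: no warning
        query = WPDB_REF.sub("", args[0]) if args else ""
        verdict = "review" if "$" in query else "static"
        findings.append((php_source.count("\n", 0, m.start()) + 1, verdict))
    return findings

# Constructed sample; table and variable names are hypothetical.
SAMPLE = r"""<?php
$a = $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$wpdb->prefix}items" ) );
$b = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}items WHERE id = $id" ) );
$c = $wpdb->get_row( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}items WHERE id = %d AND t IN (1,2)", $id ) );
"""
```

A `static` verdict is the warning-only case; a `review` verdict means a variable reaches the SQL string without going through a placeholder and should be rewritten in the form of the third sample line.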
