Support » Plugin: EG-Attachments » Plugin Query is not dynamic

  • A database query inside a plugin file is not as per the standard WordPress queries.

    In the file “\eg-attachments\inc\eg-attachments-public.inc.php” there is a function “record_click”. In this function the author is using the query below:

    $sql = $wpdb->prepare('SELECT click_id,clicks_number FROM wp_eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d',
    $attach_id, $parent_id);

    Just look at the query: the author is using “wp_eg_attachments_clicks” for a table. Here the table prefix for that table is “wp_”, which is not dynamic. The author should use something like the below:

    $sql = $wpdb->prepare('SELECT click_id,clicks_number FROM '.$wpdb->prefix.'eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d',
    $attach_id, $parent_id);

    In place of “wp_” we should always use “$wpdb->prefix” in our queries so that our query will not break even if the user changes the table prefix in the wp-config.php file.

    Request to author, please update it in your next release.

    Thanks,
    Sunil Chaudhary

    • This topic was modified 2 years, 4 months ago by  sunil.ch. Reason: check notify
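
A way to check a plugin's PHP files for the problem reported above, as an added example that is not part of the original post or of the plugin: it flags SQL table references that hardcode the “wp_” prefix and leaves `$wpdb->prefix` forms alone. The function names and the sample input are constructed for illustration; the sample is modelled on the two queries quoted in the post.

```python
import re

# SQL keywords that are directly followed by a table name.
# A literal identifier starting with "wp_" after one of them is a hardcoded
# prefix; ' . $wpdb->prefix . ' or {$wpdb->prefix} will not match.
_TABLE_REF = re.compile(
    r"\b(?:FROM|JOIN|INTO|UPDATE|TABLE)\s+`?(wp_[A-Za-z0-9_]+)",
    re.IGNORECASE,
)

def find_hardcoded_prefix(php_source):
    """Return [(line_number, table_name)] for each literal wp_ table reference."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        # Ignore lines that are only comments.
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue
        for match in _TABLE_REF.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits

def suggest_fix(table_name):
    """Build the prefix-aware PHP expression for a flagged table name."""
    return "$wpdb->prefix . '" + table_name[len("wp_"):] + "'"

# Constructed sample input: the reported query and the suggested form.
SAMPLE = r'''<?php
// constructed sample modelled on the queries quoted in the post
function record_click($attach_id, $parent_id) {
    global $wpdb;
    $sql = $wpdb->prepare('SELECT click_id,clicks_number FROM wp_eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d',
        $attach_id, $parent_id);
    $fixed = $wpdb->prepare('SELECT click_id,clicks_number FROM '.$wpdb->prefix.'eg_attachments_clicks WHERE click_date=CURRENT_DATE() AND attach_id=%d AND post_id=%d',
        $attach_id, $parent_id);
}
'''

if __name__ == "__main__":
    for lineno, table in find_hardcoded_prefix(SAMPLE):
        print(f"line {lineno}: {table} -> use {suggest_fix(table)}")
```
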
Viewing 1 replies (of 1 total)
  • Moderator Steve Stern

    (@sterndata)

    Support Team Volunteer

    sunil: I see you’re on a crusade (in a good way) to get coding bugs like this fixed. Please post future ones as support topics and not reviews. Thanks.

  • The topic ‘Plugin Query is not dynamic’ is closed to new replies.