Support » Plugin: Custom Permalinks » Warning: mysql_real_escape_string() and Custom Permalinks 0.7.18 with PHP 5.5

  • If you have this error with WordPress 3.9 :
    Warning: mysql_real_escape_string(): No such file or directory in /.../wp-content/plugins/custom-permalinks/custom-permalinks.php on line 167

    Edit this file : wp-content/plugins/custom-permalinks/custom-permalinks.php

    Comment this code :

    /*
        $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts  ".
    	            "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".
    	            "  meta_key = 'custom_permalink' AND ".
    	            "  meta_value != '' AND ".
    	            "  ( LOWER(meta_value) = LEFT(LOWER('".mysql_real_escape_string($request_noslash)."'), LENGTH(meta_value)) OR ".
    	            "    LOWER(meta_value) = LEFT(LOWER('".mysql_real_escape_string($request_noslash."/")."'), LENGTH(meta_value)) ) ".
    	            "  AND post_status != 'trash' AND post_type != 'nav_menu_item'".
    	            " ORDER BY LENGTH(meta_value) DESC, ".
    	            " FIELD(post_status,'publish','private','draft','auto-draft','inherit'),".
    	            " FIELD(post_type,'post','page'),".
    	            "$wpdb->posts.ID ASC  LIMIT 1";
    
        $posts = $wpdb->get_results($sql);
    */

    And add this after :

    $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts  ".
              "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".
              "  meta_key = 'custom_permalink' AND ".
              "  meta_value != '' AND ".
              "  ( LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) OR ".
              "    LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) ) ".
              "  AND post_status != 'trash' AND post_type != 'nav_menu_item'".
              " ORDER BY LENGTH(meta_value) DESC, ".
              " FIELD(post_status,'publish','private','draft','auto-draft','inherit'),".
              " FIELD(post_type,'post','page'),".
              "$wpdb->posts.ID ASC  LIMIT 1";
    
      $posts = $wpdb->get_var( $wpdb->prepare(
        $sql,
        $request_noslash, // an unescaped string (function will do the sanitization for you)
        $request_noslash // an untrusted integer (function will do the sanitization for you)
      ) );

    https://wordpress.org/plugins/custom-permalinks/

Viewing 15 replies - 1 through 15 (of 17 total)
  • Hello.,

    I have updated plugin with above code but still not working., Is there anything i need to update..

    Thanks

    Hello,

    Nothing, just reload the page.

    Maybe clear your cache….

    Regards

    Hey bro.

    Just cleared the cache and even re-activated the plugin also but didnt work for me.,

    Thanks
    Hasti

    Did you check the functions.php file?
    A function that overloads the one that was changed?

    May i know which function in functions.php because am using genesis framework

    Search the string “custom_permalinks_request” in functions.php

    Its nothing like that in my functions.php file. May be some other issue will be causing.

    Could you give me the URL ?

    Am working on local system only..wamp server

    This resolved the error for me, but now all links go to my home page instead of the proper page. Site is at http://hudsonvilleeducationfoundation.org.

    Never mind, I was able to resolve the problem by downgrading back to 3.8.3 (following these instructions) and undoing the change proposed in the OP. All is well now. Thank you!

    Thank you Icefall5.
    I don’t understand why the code don’t working.
    It’s ok for me.

    Maybe this :

    if ( !$request ) return $query;
    /*
        $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts  ".
    	            "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".
    	            "  meta_key = 'custom_permalink' AND ".
    	            "  meta_value != '' AND ".
    	            "  ( LOWER(meta_value) = LEFT(LOWER('".mysql_real_escape_string($request_noslash)."'), LENGTH(meta_value)) OR ".
    	            "    LOWER(meta_value) = LEFT(LOWER('".mysql_real_escape_string($request_noslash."/")."'), LENGTH(meta_value)) ) ".
    	            "  AND post_status != 'trash' AND post_type != 'nav_menu_item'".
    	            " ORDER BY LENGTH(meta_value) DESC, ".
    	            " FIELD(post_status,'publish','private','draft','auto-draft','inherit'),".
    	            " FIELD(post_type,'post','page'),".
    	            "$wpdb->posts.ID ASC  LIMIT 1";
    
        $posts = $wpdb->get_results($sql);
    */
      $sql = "SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts  ".
              "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".
              "  meta_key = 'custom_permalink' AND ".
              "  meta_value != '' AND ".
              "  ( LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) OR ".
              "    LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) ) ".
              "  AND post_status != 'trash' AND post_type != 'nav_menu_item'".
              " ORDER BY LENGTH(meta_value) DESC, ".
              " FIELD(post_status,'publish','private','draft','auto-draft','inherit'),".
              " FIELD(post_type,'post','page'),".
              "$wpdb->posts.ID ASC  LIMIT 1";
    
      $posts = $wpdb->get_var( $wpdb->prepare(
        $sql,
        $request_noslash, // an unescaped string (function will do the sanitization for you)
        $request_noslash // an untrusted integer (function will do the sanitization for you)
      )
      );

    I tried that, but for some reason, $wpdb->prepare was adding extra quotes into the second argument for the $sql variable. I found when I moved the trailing slash to be part of the argument to $wpdb->prepare it worked, like so:

    $sql = $wpdb->prepare("SELECT $wpdb->posts.ID, $wpdb->postmeta.meta_value, $wpdb->posts.post_type FROM $wpdb->posts  ".
                        "LEFT JOIN $wpdb->postmeta ON ($wpdb->posts.ID = $wpdb->postmeta.post_id) WHERE ".
                        "  meta_key = 'custom_permalink' AND ".
                        "  meta_value != '' AND ".
                        "  ( LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) OR ".
                        "    LOWER(meta_value) = LEFT(LOWER('%s'), LENGTH(meta_value)) ) ".
                        "  AND post_status != 'trash' AND post_type != 'nav_menu_item'".
                        " ORDER BY LENGTH(meta_value) DESC, ".
                        " FIELD(post_status,'publish','private','draft','auto-draft','inherit'),".
                        " FIELD(post_type,'post','page'),".
                        "$wpdb->posts.ID ASC  LIMIT 1",$request_noslash,$request_noslash . "/");

    Thank you mathew.cantore.
    I don’t know what I was thinking, your solution is much better than mine.

    Twig

    (@palpatine1976)

    Great fix @mathew.cantore

    +1 for this being rolled into next plugin release

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Warning: mysql_real_escape_string() and Custom Permalinks 0.7.18 with PHP 5.5’ is closed to new replies.