Peter's Post Notes
[resolved] WP DB Error (6 posts)

  1. mayuxi
    Posted 3 years ago #

    Hello, thanks for the great plugin! But recently (after upgrade to WP 3.5), I've encountered this error:

    Missing argument 2 for wpdb::prepare(), called in /wp-content/plugins/peters-post-notes/peters_post_notes.php on line 317 and defined in /wp-includes/wp-db.php on line 990

    I just put a post on schedule and attached an editor's note and this error appeared. How to fix this?


  2. pezzin
    Posted 3 years ago #

    Hi mauyxi,
    I just encountered the same problem with Peter's plugin. Did you find a way to solve this issue?

  3. mayuxi
    Posted 3 years ago #

    Hey, not yet, didn't dig to it. But I guess it's related to this problem: http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/


    Hello plugin or theme author! You possibly found this post after searching the Internet for the error above: “PHP Warning: Missing argument 2 for wpdb::prepare().”

    So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!...

  4. pezzin
    Posted 3 years ago #

    Thanks mayuxi for the pointer. I just added in the file wp-config.php the following line:

    @ini_set('display_errors', 0);

    and the error disappeared! :)

    Let's hope Peter will fix this issue on his side too.


  5. mayuxi
    Posted 3 years ago #


    BTW, your solution is not a fix, you just made message disappear, but problem and potential vulnerability is till here. To fix the problem (tip for Peter):

    edit this in peters_post_notes.php:

    $latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT <code>notecontent</code> FROM $ppn_db_notes
                                                            WHERE <code>postid</code> = $post_id
                                                            ORDER BY <code>notetime</code> DESC
                                                            LIMIT 1;" ) );

    to this:

    $latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT 'notecontent' FROM $ppn_db_notes
                                                            WHERE 'postid' = %d
                                                            ORDER BY 'notetime' DESC
                                                            LIMIT 1;", $post_id ), $post_id );
  6. Peter
    Plugin Author

    Posted 3 years ago #

    Hi all,

    Thanks for reporting this. It should now be fixed in version 1.4.0 of the plugin.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Peter's Post Notes
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.