Support » Plugin: Peter's Post Notes » WP DB Error

  • Resolved mayuxi

    (@mayuxi)


    Hello, thanks for the great plugin! But recently (after upgrade to WP 3.5), I’ve encountered this error:

    Missing argument 2 for wpdb::prepare(), called in /wp-content/plugins/peters-post-notes/peters_post_notes.php on line 317 and defined in /wp-includes/wp-db.php on line 990

    I just put a post on schedule and attached an editor’s note and this error appeared. How to fix this?

    http://wordpress.org/extend/plugins/peters-post-notes/

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi mayuxi,
    I just encountered the same problem with Peter’s plugin. Did you find a way to solve this issue?
    Thanks,
    Christian

    Hey, not yet, didn’t dig into it. But I guess it’s related to this problem: http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/

    e.g.:

    Hello plugin or theme author! You possibly found this post after searching the Internet for the error above: “PHP Warning: Missing argument 2 for wpdb::prepare().”

    So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!…

    Thanks mayuxi for the pointer. I just added in the file wp-config.php the following line:

    @ini_set('display_errors', 0);

    and the error disappeared! 🙂

    Let’s hope Peter will fix this issue on his side too.

    Cheers,
    Christian

    Welcome!

    BTW, your solution is not a fix, you just made the message disappear, but the problem and potential vulnerability are still here. To fix the problem (tip for Peter):

    edit this in peters_post_notes.php:

    $latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
                                                            WHERE `postid` = $post_id
                                                            ORDER BY `notetime` DESC
                                                            LIMIT 1;" ) );

    to this:

    // %d is filled in by prepare() from its second argument, $post_id
    $latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
                                                            WHERE `postid` = %d
                                                            ORDER BY `notetime` DESC
                                                            LIMIT 1;", $post_id ) );
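
For auditing other plugins for the call shape discussed in this thread, here is a heuristic scanner that flags `$wpdb->prepare()` calls that bind no values. It is an added example, not part of the original thread or the plugin's code; `split_args`, `find_unsafe_prepare` and the sample input are constructed for illustration, and PHP comments and heredocs are not handled.

```python
import re

# Constructed sample: the two call shapes from the thread (before and after).
SAMPLE = r'''<?php
$latest_note = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
    WHERE `postid` = $post_id ORDER BY `notetime` DESC LIMIT 1;" ) );
$fixed = $wpdb->get_var( $wpdb->prepare( "SELECT `notecontent` FROM $ppn_db_notes
    WHERE `postid` = %d ORDER BY `notetime` DESC LIMIT 1;", $post_id ) );
'''
CALL = re.compile(r'\$wpdb\s*->\s*prepare\s*\(')

def split_args(src, start):
    """Split the call whose argument list begins at `start` into top-level arguments."""
    args, buf, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:                            # inside a PHP string literal
            if ch == '\\':                   # keep an escape pair together
                ch = src[i:i + 2]
                i += 1
            elif ch == quote:
                quote = None
        elif ch in '"\'':
            quote = ch
        elif ch in '([':
            depth += 1
        elif ch in ')]':
            if depth == 0:                   # the ')' that closes prepare()
                break
            depth -= 1
        elif ch == ',' and depth == 0:       # top-level argument separator
            args.append(''.join(buf).strip())
            buf, ch = [], ''
        buf.append(ch)
        i += 1
    tail = ''.join(buf).strip()
    return args + [tail] if tail else args

def find_unsafe_prepare(src):
    """Return (line, reason) for each prepare() call that binds no values."""
    findings = []
    for m in CALL.finditer(src):
        args = split_args(src, m.end())
        line = src.count('\n', 0, m.start()) + 1
        if len(args) < 2:
            findings.append((line, 'query only, no bound values'))
        elif not re.search(r'%[sdf]', args[0]):
            findings.append((line, 'values passed but no %s/%d/%f placeholder'))
    return findings
```

Running `find_unsafe_prepare(SAMPLE)` reports only the first call; an interpolated table name such as `$ppn_db_notes` is not flagged, since table names cannot be bound through a placeholder.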

    Plugin Author Peter

    (@pkthree)

    Hi all,

    Thanks for reporting this. It should now be fixed in version 1.4.0 of the plugin.
