A WordPress plugin contains the following line of code, and I'm not sure whether it should be using a prepared statement:
$original_cart_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A );
If it should, is the change below correct?
$original_cart_data = $wpdb->get_results ( $wpdb->prepare ( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A ));
It comes from a function that uses $wpdb, so I'm not sure whether a prepared statement is really needed here.
Any guidance for a new PHP learner would be very helpful.
In case it helps, the full code of the section above is:
function collate_cart() {
    global $wpdb;
    $purchase_id = & $this->purchase_id;
    $original_cart_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A );
    foreach ( $original_cart_data as $cart_row ) {
        $is_downloadable = false;
        if ( $wpdb->get_var( "SELECT `id` FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `cartid` = {$cart_row['id']}" ) )
            $is_downloadable = true;
        $is_recurring = (bool)get_post_meta( $cart_row['prodid'], '_wpsc_is_recurring', true );
        if ( $is_recurring == true )
            $this->cart_data['is_subscription'] = true;
        if ( ! $rebill_interval = get_post_meta( $cart_row['prodid'], '_wpsc_rebill_interval', true ) )
            $rebill_interval = array();
        $new_cart_item = array(
            "cart_item_id"    => $cart_row['id'],
            "product_id"      => $cart_row['prodid'],
            "name"            => $cart_row['name'],
            "price"           => $cart_row['price'],
            "shipping"        => $cart_row['pnp'],
            "tax"             => $cart_row['tax_charged'],
            "quantity"        => $cart_row['quantity'],
            "is_downloadable" => $is_downloadable,
            "is_capability"   => (bool) wpsc_get_cart_item_meta( $cart_row['id'], 'provided_capabilities', true ),
            "is_recurring"    => $is_recurring,
            "is_subscription" => $is_recurring,
            "recurring_data"  => array(
                "rebill_interval" => array(
                    'unit'   => isset( $rebill_interval['unit'] ) ? $rebill_interval['unit'] : null,
                    'length' => isset( $rebill_interval['number'] ) ? $rebill_interval['number'] : null,
                ),
                "charge_to_expiry" => (bool)get_post_meta( $cart_row['prodid'], '_wpsc_charge_to_expiry', true ),
                "times_to_rebill"  => get_post_meta( $cart_row['prodid'], '_wpsc_rebill_number', true )
            )
        );
        $this->cart_items[] = apply_filters( 'wpsc_merchant_collate_cart_item' , $new_cart_item, $this );
    }
}
Adding a prepared statement to the existing code:
The wpdb::prepare() function, as the official documentation puts it, "uses sprintf()-like syntax."
So:
$original_cart_data = $wpdb->get_results(
$wpdb->prepare(
"SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d",
$purchase_id
),
ARRAY_A
);
It is probably a good idea to read the PHP sprintf() documentation to see how that works, because that is basically all prepare() does, apart from the query itself.
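To make the difference between the three query forms on this page concrete, here is an added, stand-alone example (it is not code from the question, the answer, or the plugin). It uses a small FakeWpdb stand-in so it runs from the PHP CLI without WordPress; its prepare() only mirrors the documented %d/%s behaviour of wpdb::prepare() (integers cast with intval, strings escaped and quoted) and is not the real class. The table name assigned to WPSC_TABLE_CART_CONTENTS and the hostile purchase_id value are constructed for the demo.

```php
<?php
// Added example (not code from the original question, the answer, or the plugin).
// FakeWpdb is a minimal stand-in for $wpdb so this file runs without WordPress.
// Its prepare() only mirrors the documented wpdb::prepare() handling of
// %d (cast with intval) and %s (escaped and quoted); it is NOT the real class.
declare(strict_types=1);

define('ARRAY_A', 'ARRAY_A');
define('WPSC_TABLE_CART_CONTENTS', 'wp_wpsc_cart_contents'); // assumed table name

class FakeWpdb
{
    /** @var string[] every SQL string that would have been sent to MySQL */
    public array $log = [];

    public function prepare(string $query, ...$args): string
    {
        $i = 0;
        return preg_replace_callback('/%[ds]/', function (array $m) use ($args, &$i): string {
            $arg = $args[$i++] ?? '';
            if ($m[0] === '%d') {
                return (string) intval($arg);             // "1 OR 1=1" becomes 1, "abc" becomes 0
            }
            return "'" . addslashes((string) $arg) . "'"; // stand-in for esc_sql() plus quoting
        }, $query);
    }

    public function get_results(string $sql, string $output = ARRAY_A): array
    {
        $this->log[] = $sql; // no database here; only the SQL text matters
        return [];
    }
}

$wpdb = new FakeWpdb();

// Constructed hostile value standing in for an attacker-influenced $this->purchase_id.
$purchase_id = '1 OR 1=1';

// (a) The original interpolation: the payload lands in the query verbatim,
//     turning "rows for this purchase" into "every row in the table".
$wpdb->get_results(
    "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}",
    ARRAY_A
);

// (b) The asker's attempt: still interpolated, no placeholder, and ARRAY_A handed to
//     prepare() instead of get_results(). prepare() has nothing to substitute, so the
//     query text is unchanged. (The real wpdb::prepare() also flags a query with no
//     placeholder as _doing_it_wrong.)
$wpdb->get_results(
    $wpdb->prepare(
        "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}",
        ARRAY_A
    )
);

// (c) The answer's form: a %d placeholder with the value passed as a separate argument.
//     The payload is cast to the integer 1 before it ever reaches the SQL text.
$wpdb->get_results(
    $wpdb->prepare(
        "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d",
        $purchase_id
    ),
    ARRAY_A
);

foreach ($wpdb->log as $n => $sql) {
    echo chr(ord('a') + $n), ') ', $sql, PHP_EOL;
}
```

Running it with `php example.php` prints the three SQL strings side by side. The same fix applies to the second query in collate_cart(): `WHERE \`cartid\` = {$cart_row['id']}` should become `WHERE \`cartid\` = %d` with `$cart_row['id']` passed to prepare(), even though that value comes back from the database rather than from the request. Concatenating the table-name constant into the query is fine, since it is not user input and prepare() has no placeholder for identifiers.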