Should the following line of code use a prepared statement ($wpdb->prepare)?

Question    Votes: 0    Answers: 1

A WordPress plugin contains the following line of code, and I'm not sure whether it should use a prepared statement:

$original_cart_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A );

If it should, is the change below correct?

$original_cart_data = $wpdb->get_results ( $wpdb->prepare ( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A ));

It comes from a function that uses $wpdb, so I'm not sure whether a prepared statement is actually needed.

Any guidance for a new PHP learner would be very helpful.

If it helps, the full code of the section above is as follows:

function collate_cart() {
    global $wpdb;
    $purchase_id = & $this->purchase_id;
    $original_cart_data = $wpdb->get_results( "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = {$purchase_id}", ARRAY_A );

    foreach ( $original_cart_data as $cart_row ) {
        $is_downloadable = false;

        if ( $wpdb->get_var( "SELECT `id` FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `cartid` = {$cart_row['id']}" ) )
            $is_downloadable = true;

        $is_recurring = (bool)get_post_meta( $cart_row['prodid'], '_wpsc_is_recurring', true );

        if ( $is_recurring == true )
            $this->cart_data['is_subscription'] = true;


        if ( ! $rebill_interval = get_post_meta( $cart_row['prodid'], '_wpsc_rebill_interval', true ) )
            $rebill_interval = array();


        $new_cart_item = array(
            "cart_item_id"         => $cart_row['id'],
            "product_id"           => $cart_row['prodid'],
            "name"                 => $cart_row['name'],
            "price"                => $cart_row['price'],
            "shipping"             => $cart_row['pnp'],
            "tax"                  => $cart_row['tax_charged'],
            "quantity"             => $cart_row['quantity'],
            "is_downloadable"      => $is_downloadable,
            "is_capability"        => (bool) wpsc_get_cart_item_meta( $cart_row['id'], 'provided_capabilities', true ),
            "is_recurring"         => $is_recurring,
            "is_subscription"      => $is_recurring,
            "recurring_data"       => array(
                "rebill_interval"  => array(
                    'unit'         => isset( $rebill_interval['unit'] ) ? $rebill_interval['unit'] : null,
                    'length'       => isset( $rebill_interval['number'] ) ? $rebill_interval['number'] : null,
                ),
                "charge_to_expiry" => (bool)get_post_meta( $cart_row['prodid'], '_wpsc_charge_to_expiry', true ),
                "times_to_rebill"  => get_post_meta( $cart_row['prodid'], '_wpsc_rebill_number', true )
            )
        );

        $this->cart_items[] = apply_filters( 'wpsc_merchant_collate_cart_item' , $new_cart_item, $this );
    }
}

Prepared statements added to the existing code.

php sql wordpress plugins prepared-statement
1 Answer
0
votes

The wpdb::prepare() function, as the official documentation states, "uses sprintf()-like syntax."

So:

$original_cart_data = $wpdb->get_results(
    $wpdb->prepare(
        "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d", 
        $purchase_id
    ),
    ARRAY_A
);

It might be a good idea to look at PHP's sprintf() documentation to understand how it works, since that is basically all prepare() does, apart from the query.
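As an added example (not code from the question, the answer, or the WP eCommerce plugin), here are both raw queries from collate_cart() rewritten with $wpdb->prepare(), run against a small constructed stand-in for $wpdb so the script can be executed outside WordPress and the SQL actually sent can be inspected. The table-name constants are the ones the question references; their values, the row data, and the FakeWpdb class are assumptions made for this example. Note that the questioner's proposed change passes no placeholder and hands ARRAY_A to prepare() instead of get_results(); the real wpdb::prepare() raises a "doing it wrong" notice when the query contains no placeholder, and the stand-in below throws to make the same mistake visible.

```php
<?php
// Constructed stand-in for WordPress constants so the example runs stand-alone.
define( 'WPSC_TABLE_CART_CONTENTS', 'wp_wpsc_cart_contents' );
define( 'WPSC_TABLE_DOWNLOAD_STATUS', 'wp_wpsc_download_status' );
define( 'ARRAY_A', 'ARRAY_A' );

// Minimal stand-in for $wpdb (assumption, not the real class). It records the
// SQL it receives and returns constructed rows. The real wpdb::prepare() also
// supports %s and %f and escapes strings; only %d is needed here.
class FakeWpdb {
    public $queries = array();

    public function prepare( $query, ...$args ) {
        if ( strpos( $query, '%' ) === false ) {
            // Real wpdb::prepare() reports this via _doing_it_wrong().
            throw new LogicException( 'prepare() called without a placeholder' );
        }
        // %d arguments are forced to integers, so non-numeric input cannot
        // reach the SQL text.
        return vsprintf( $query, array_map( 'intval', $args ) );
    }

    public function get_results( $sql, $output = 'OBJECT' ) {
        $this->queries[] = $sql;
        return array( array( 'id' => 7, 'prodid' => 3 ) ); // constructed row
    }

    public function get_var( $sql ) {
        $this->queries[] = $sql;
        return 42; // constructed: pretend a download-status row exists
    }
}

// The two lookups from collate_cart(), each with its id bound through %d.
function collate_cart_prepared( $wpdb, $purchase_id ) {
    // prepare() builds the SQL; ARRAY_A belongs to get_results(), not prepare().
    $original_cart_data = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM `" . WPSC_TABLE_CART_CONTENTS . "` WHERE `purchaseid` = %d",
            $purchase_id
        ),
        ARRAY_A
    );

    $items = array();
    foreach ( (array) $original_cart_data as $cart_row ) {
        // The inner query interpolated $cart_row['id'] the same way in the
        // original; it gets the same treatment even though the value came
        // back from the database.
        $download_id = $wpdb->get_var(
            $wpdb->prepare(
                "SELECT `id` FROM `" . WPSC_TABLE_DOWNLOAD_STATUS . "` WHERE `cartid` = %d",
                $cart_row['id']
            )
        );
        $items[] = array(
            'cart_item_id'    => (int) $cart_row['id'],
            'product_id'      => (int) $cart_row['prodid'],
            'is_downloadable' => ! empty( $download_id ),
        );
    }
    return $items;
}

$wpdb  = new FakeWpdb();
// Constructed input: a purchase id with trailing junk. %d reduces it to 12.
$items = collate_cart_prepared( $wpdb, '12 extra' );

foreach ( $wpdb->queries as $sql ) {
    echo $sql, PHP_EOL;
}
// Prints:
// SELECT * FROM `wp_wpsc_cart_contents` WHERE `purchaseid` = 12
// SELECT `id` FROM `wp_wpsc_download_status` WHERE `cartid` = 7
var_dump( $items[0]['is_downloadable'] ); // bool(true)
```

Running this with `php example.php` shows the SQL that reaches the database with the ids already reduced to integers. In the real plugin, only the two prepare() calls and the argument order need to change; the rest of collate_cart() stays as it is.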
