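/**
 * Handle the e-mail verification link and print the result page.
 *
 * Reads the verification code from $_GET['mv-code'] and the option row id from
 * the request parameter named by the plugin's "permalink" option, loads that row
 * from the guiform options table and, when the stored key matches the supplied
 * code, clears the key and sets the entry's status to 1. The request is always
 * terminated after the result page has been printed.
 *
 * @return void
 */
private function _activateMail()
{
    global $guiform, $wpdb;

    // The code is only compared in PHP and never placed in SQL, so SQL-escaping it
    // would merely alter the value being compared. Undo the request slashing instead.
    $mv_code = (isset($_GET['mv-code']) && is_string($_GET['mv-code']))
        ? trim(wp_unslash($_GET['mv-code']))
        : '';

    $id_param = $guiform->getOption('permalink')->value['value'];
    $id       = (isset($_REQUEST[$id_param]) && is_scalar($_REQUEST[$id_param]))
        ? absint($_REQUEST[$id_param])
        : 0;

    $data = $wpdb->get_row(
        $wpdb->prepare("SELECT name, value FROM {$wpdb->guiform_options} WHERE id = %d", $id)
    );

    // NOTE(review): unserialize() instantiates whatever classes the stored value names.
    // Confirm that only trusted code can write this column, or switch to a format
    // that cannot carry objects.
    $row = $data ? unserialize($data->value) : false;

    $stored_key = (is_array($row) && isset($row['key']) && is_scalar($row['key']))
        ? (string) $row['key']
        : '';

    // The key is reset to '' after a successful activation, so an empty code must
    // never match. hash_equals() keeps the comparison strict and constant-time.
    $is_valid = $stored_key !== '' && $mv_code !== '' && hash_equals($stored_key, $mv_code);

    if ($is_valid) {
        $row['key']    = '';
        $row['status'] = 1;
        $guiform->updateOption($data->name, $row, 'mail', $id);
    }

    $path = esc_url(get_admin_url(get_current_blog_id(), 'admin.php?page=guiform-settings&tab=mail'));

    if ($is_valid) {
        // The option name comes from the database and is printed as HTML text.
        $html = "<strong>Congratulations!</strong><br /><br />\n\t\t\t\t\t\t\tYou can now use " . esc_html($data->name) . " for sending confirmation message with your form.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$path}\">Click here to continue.</a><br /><br />";
    } else {
        $html = "<strong>Invalid Code!</strong><br /><br />\n\t\t\t\t\t\t\tYou entered invalid email verification code. Please check your email or send a new verification code request.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$path}\">Click here to continue.</a><br /><br />";
    }

    echo GuiForm_Module_Ajax::emailTpl($html);
    die;
}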
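/**
 * Batched upgrade step: replace Stripe customer ids ("cus_...") stored in
 * subscription_transaction_id with a subscription id ("sub_...") found on another
 * order of the same user and membership level.
 *
 * Processes at most 100 orders per call and stores the last processed order id
 * in the 'pmpro_upgrade_1_8_6_9_last_order_id' option. When no orders are left
 * the update is removed and the option deleted.
 *
 * @return void
 */
function pmpro_upgrade_1_8_6_9_ajax()
{
    global $wpdb;

    // Resume point. Cast to int because the option value is placed in the query.
    $last_order_id = (int) get_option('pmpro_upgrade_1_8_6_9_last_order_id', 0);

    // "%%" is a literal percent sign inside a prepare() format string.
    $orders = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, user_id, membership_id, subscription_transaction_id
             FROM {$wpdb->pmpro_membership_orders}
             WHERE id > %d AND gateway = 'stripe' AND subscription_transaction_id LIKE 'cus_%%'
             ORDER BY id LIMIT 100",
            $last_order_id
        )
    );

    if (empty($orders)) {
        // Done with this update.
        pmpro_removeUpdate('pmpro_upgrade_1_8_6_9_ajax');
        delete_option('pmpro_upgrade_1_8_6_9_last_order_id');
        return;
    }

    // Cache of lookups, keyed by the customer id found on the order.
    $subids = array();

    foreach ($orders as $order) {
        $last_order_id = $order->id;
        $customer_id   = $order->subscription_transaction_id;

        // array_key_exists() rather than isset(): a lookup that found nothing is
        // cached as null, and isset() would repeat that query for every order.
        if (!array_key_exists($customer_id, $subids)) {
            $subids[$customer_id] = $wpdb->get_var(
                $wpdb->prepare(
                    "SELECT subscription_transaction_id
                     FROM {$wpdb->pmpro_membership_orders}
                     WHERE membership_id = %d AND user_id = %d AND subscription_transaction_id LIKE 'sub_%%'
                     LIMIT 1",
                    $order->membership_id,
                    $order->user_id
                )
            );
        }

        if (!empty($subids[$customer_id])) {
            $wpdb->query(
                $wpdb->prepare(
                    "UPDATE {$wpdb->pmpro_membership_orders} SET subscription_transaction_id = %s WHERE id = %d LIMIT 1",
                    $subids[$customer_id],
                    $order->id
                )
            );
        }
        // Otherwise no subscription id was found, so the order is left as it is.
    }

    update_option('pmpro_upgrade_1_8_6_9_last_order_id', $last_order_id);
}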
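/**
 * Delete post meta rows by meta key, optionally limited to a single post.
 *
 * In the network admin the same delete is repeated on the postmeta table of
 * every other blog listed in the blogs table.
 *
 * @global wpdb $wpdb
 * @param array|string $keys    Meta key or list of meta keys to delete.
 * @param int|null     $post_id Optional post ID; when given, only that post's rows are deleted.
 * @return false|void False when no keys were passed, nothing otherwise.
 */
static function delete_meta_key($keys, $post_id = null)
{
    if (empty($keys)) {
        return false;
    }

    global $wpdb;

    // Accept a single key as well as a list, and drop array keys so the values
    // line up with the positional placeholders.
    $keys = array_values((array) $keys);

    // The id sits unquoted in the statement, where esc_sql() offers no protection
    // (it only escapes characters inside a quoted string), so force an integer.
    $extra        = !empty($post_id) ? 'post_id = ' . absint($post_id) . ' AND' : '';
    $placeholders = implode(', ', array_fill(0, count($keys), '%s'));

    $wpdb->query(
        $wpdb->prepare("DELETE FROM {$wpdb->postmeta} WHERE {$extra} meta_key IN ({$placeholders})", $keys)
    );

    // Repeat on every other blog when running in the network admin.
    if (is_network_admin()) {
        $blogs = $wpdb->get_results("SELECT blog_id FROM {$wpdb->blogs}", ARRAY_A);

        if ($blogs && count($blogs) > 1) {
            foreach ($blogs as $blog) {
                if ($blog['blog_id'] == 1) {
                    continue;
                }

                // NOTE(review): assumes $wpdb->prefix is the network base prefix here - confirm.
                $prefix = $wpdb->prefix . (int) $blog['blog_id'] . '_';

                $wpdb->query(
                    $wpdb->prepare("DELETE FROM {$prefix}postmeta WHERE {$extra} meta_key IN ({$placeholders})", $keys)
                );
            }
        }
    }
}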
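/**
 * Load one page of poll questions into $this->items and set the pagination data.
 *
 * Honours the request parameters 's' (search in question or answer text),
 * 'orderby' and 'order'.
 *
 * @return void
 */
public function prepare_items()
{
    global $wpdb;

    $per_page = 10;

    $this->_column_headers = array(
        $this->get_columns(),
        $this->get_hidden_columns(),
        $this->get_sortable_columns(),
    );

    // Build the WHERE clause.
    $where  = 'WHERE 1';
    $search = (isset($_GET['s']) && is_string($_GET['s'])) ? wp_unslash($_GET['s']) : '';
    if ($search) {
        $like   = '%' . $wpdb->esc_like($search) . '%';
        $where .= $wpdb->prepare(
            " AND ( question LIKE %s OR id IN (SELECT qid from {$wpdb->democracy_a} WHERE answer LIKE %s) ) ",
            $like,
            $like
        );
    }

    // Pagination.
    $this->set_pagination_args(array(
        'total_items' => $wpdb->get_var("SELECT count(*) FROM {$wpdb->democracy_q} {$where}"),
        'per_page'    => $per_page,
    ));

    // Must be read after set_pagination_args().
    $cur_page = (int) $this->get_pagenum();
    $OFFSET   = 'LIMIT ' . (($cur_page - 1) * $per_page) . ',' . $per_page;

    $order = (isset($_GET['order']) && $_GET['order'] == 'asc') ? 'ASC' : 'DESC';

    // A column name is an identifier, not a string literal, so esc_sql() does not
    // make it safe. Accept plain identifier characters only, else sort by id.
    $orderby = 'id';
    if (
        isset($_GET['orderby'])
        && is_string($_GET['orderby'])
        && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_GET['orderby'])
    ) {
        $orderby = $_GET['orderby'];
    }
    $ORDER_BY = "ORDER BY `{$orderby}` {$order}";

    // Run the query.
    $this->items = $wpdb->get_results("SELECT * FROM {$wpdb->democracy_q} {$where} {$ORDER_BY} {$OFFSET}");
}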
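/**
 * Move meta_query clauses that target ACF checkbox fields out of the query args.
 *
 * Each such clause is removed from $args['meta_query'] and turned into fragments
 * of the serialized-string form (s:LEN:"VALUE";), collected per meta key under
 * $args['sf-acfcheckbox-meta']. The posts_join_paged, posts_where and
 * posts_groupby filters that consume them are registered when any was found.
 *
 * @param array $args Query arguments.
 * @return array The arguments, possibly modified.
 */
function sf_acf_check_args_for_checkboxes($args)
{
    if (!isset($args['meta_query']) || !is_array($args['meta_query'])) {
        return $args;
    }

    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        // Entries such as 'relation' => 'AND' are not clauses and have no meta key.
        if (!is_array($val) || !isset($val['key'])) {
            continue;
        }

        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if ($is_checkbox['add_this']) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }

    $where_meta = array();
    foreach ($acf_fields as $field) {
        if (!isset($field['value'])) {
            continue;
        }

        // A scalar value gets the same escaping as each member of a list. It used
        // to be inserted into the fragment raw.
        foreach ((array) $field['value'] as $fv) {
            // The length is taken from the raw value because it has to equal the
            // length written inside the stored serialized string.
            // NOTE(review): like_escape() is deprecated in current WordPress.
            $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql(like_escape($fv)) . '";';
        }
    }

    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }

    return $args;
}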
/**
 * Turn the dash-separated 's_query' option into a LIKE pattern on $this->s_query.
 *
 * @return void
 */
protected function __format_search()
{
    // Dashes in the configured query stand for spaces.
    $words = implode(" ", explode("-", $this->options['s_query']));

    // NOTE(review): the value is SQL-escaped here already. If it is later bound
    // through $wpdb->prepare() it would be escaped twice - confirm at the call site.
    // like_escape() is deprecated in current WordPress.
    $this->s_query = '%' . like_escape(esc_sql($words)) . '%'; // Thanks Manny Fleurmond
}
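/**
 * Fetch up to 500 links ordered by name, optionally filtered by name or URL.
 *
 * @param array $args Supports 'filter_links': substring to look for in link_name or link_url.
 * @return array 'links' (link data keyed by link_id) and 'total' (number of matching rows).
 */
function get_links($args)
{
    global $wpdb;

    // Read the one supported argument explicitly. extract() would let any key of
    // $args overwrite local variables, including $where and $wpdb.
    $filter_links = (is_array($args) && isset($args['filter_links']) && is_scalar($args['filter_links']))
        ? (string) $args['filter_links']
        : '';

    $where = '';
    if (!empty($filter_links)) {
        // esc_like() neutralises LIKE wildcards, prepare() handles the quoting.
        $like  = '%' . $wpdb->esc_like($filter_links) . '%';
        $where = $wpdb->prepare(' AND (link_name LIKE %s OR link_url LIKE %s)', $like, $like);
    }

    $linkcats  = $this->getLinkCats();
    $sql_query = "{$wpdb->links} WHERE 1=1 " . $where;

    $links_total = $wpdb->get_results("SELECT count(*) as total_links FROM " . $sql_query);
    $total       = !empty($links_total) ? $links_total[0]->total_links : 0;

    $query_links = $wpdb->get_results("SELECT link_id, link_url, link_name, link_target, link_visible, link_rating, link_rel FROM " . $sql_query . " ORDER BY link_name ASC LIMIT 500");

    $links = array();
    foreach ((array) $query_links as $link_info) {
        // A link without categories has no entry in the category map.
        $cats = !empty($linkcats[$link_info->link_id])
            ? array_values((array) $linkcats[$link_info->link_id])
            : array();

        $links[$link_info->link_id] = array(
            "link_url"     => $link_info->link_url,
            "link_name"    => $link_info->link_name,
            "link_target"  => $link_info->link_target,
            "link_visible" => $link_info->link_visible,
            "link_rating"  => $link_info->link_rating,
            "link_rel"     => $link_info->link_rel,
            "link_cats"    => $cats,
        );
    }

    return array('links' => $links, 'total' => $total);
}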
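/**
 * Upload
 * Ajax callback function
 *
 * Verifies the per-field nonce, stores the uploaded file, creates an attachment
 * for it with the next menu_order among the field's existing attachments, saves
 * the attachment id in the post meta field and sends a JSON response.
 *
 * @return void Sends a JSON response and ends the request.
 */
static function handle_upload()
{
    global $wpdb;

    $post_id  = (isset($_REQUEST['post_id']) && is_numeric($_REQUEST['post_id'])) ? (int) $_REQUEST['post_id'] : 0;
    $field_id = (isset($_REQUEST['field_id']) && is_string($_REQUEST['field_id'])) ? $_REQUEST['field_id'] : '';

    check_ajax_referer("rwmb-upload-images_{$field_id}");

    // NOTE(review): the nonce shows the request came from the form, but nothing in
    // this method checks that the current user may edit $post_id or upload files.
    // Confirm that the code registering this callback enforces it.

    if (empty($_FILES['async-upload'])) {
        wp_send_json_error();
    }

    // You can use WP's wp_handle_upload() function:
    $file      = $_FILES['async-upload'];
    $file_attr = wp_handle_upload($file, array('test_form' => false));

    // On failure wp_handle_upload() returns an array with an 'error' entry and
    // none of the url/type/file entries used below.
    if (!is_array($file_attr) || isset($file_attr['error'])) {
        wp_send_json_error(isset($file_attr['error']) ? $file_attr['error'] : null);
    }

    // Get next menu_order
    $attachment_ids = array_filter(array_map('absint', (array) get_post_meta($post_id, $field_id, false)));
    if (empty($attachment_ids)) {
        $next = 0;
    } else {
        // The ids sit unquoted inside IN (...), where esc_sql() gives no protection,
        // so only positive integers are allowed through.
        $id_list = implode(',', $attachment_ids);
        $max     = $wpdb->get_var("
					SELECT MAX(menu_order) FROM {$wpdb->posts}
					WHERE post_type = 'attachment'
					AND ID in ({$id_list})
				");
        $next    = is_numeric($max) ? (int) $max + 1 : 0;
    }

    $attachment = array(
        'guid'           => $file_attr['url'],
        'post_mime_type' => $file_attr['type'],
        // File name without its extension.
        'post_title'     => preg_replace('/\\.[^.]+$/', '', basename($file['name'])),
        'post_content'   => '',
        'post_status'    => 'inherit',
        'menu_order'     => $next,
    );

    // Adds file as attachment to WordPress
    $id = wp_insert_attachment($attachment, $file_attr['file'], $post_id);
    if (!is_wp_error($id)) {
        wp_update_attachment_metadata($id, wp_generate_attachment_metadata($id, $file_attr['file']));

        // Save file ID in meta field
        add_post_meta($post_id, $field_id, $id, false);
        wp_send_json_success(self::img_html($id));
    }

    exit;
}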
/**
 * Install routine: set the default options and try to create the results page.
 *
 * @return void
 */
function do_acps_install()
{
    // Setup default options
    acps_default_options();

    // Try to create new page for results
    $slug  = esc_sql(_x('advanced-search', 'page_slug', 'acps'));
    $title = __('Advanced Search', 'acps');

    acps_create_page($slug, 'acps_options', $title, '[acps_results]');
}
/**
 * Replace the 'where' entry of the given clause array with a custom search condition.
 *
 * The condition matches the search term from the global $args['s'] against the
 * 'content_areas_%_body_content' meta values of pages using the
 * 'general-interior.php' template, or against the title and content of 'post',
 * 'team' and 'projects' entries, and requires post_status 'publish'.
 *
 * @param array $obj Clause array; its 'where' entry is overwritten.
 * @return array The same array with the new 'where' entry.
 */
function query_modify($obj)
{
    global $args;
    global $db_prefix;

    $p = $db_prefix;

    // esc_sql() covers the quoting of the string literal only. LIKE wildcards
    // (% and _) typed into the search term keep their wildcard meaning.
    $term = esc_sql($args['s']);

    $meta_clause     = "( {$p}postmeta.meta_key LIKE 'content_areas_%_body_content' AND {$p}posts.post_type = 'page' AND CAST({$p}postmeta.meta_value AS CHAR) LIKE '%{$term}%' )";
    $template_clause = "( mt1.meta_key = '_wp_page_template' AND CAST(mt1.meta_value AS CHAR) = 'general-interior.php' )";
    $text_clause     = "(({$p}posts.post_title LIKE '%{$term}%') OR ({$p}posts.post_content LIKE '%{$term}%'))";

    $obj['where'] = " AND ( {$meta_clause} AND {$template_clause} ) OR ({$text_clause} AND {$p}posts.post_type IN ('post', 'team', 'projects')) AND (({$p}posts.post_status = 'publish')) ";

    return $obj;
}
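/**
 * Load one page of membership levels into $this->items and set the pagination data.
 *
 * Honours the request parameters 's' (POST, substring of the alias), 'orderby',
 * 'order' and 'paged' (GET). The level with id 1 is always excluded.
 *
 * @return void
 */
function prepare_items()
{
    global $wpdb;

    $this->process_bulk_action();

    $query = "SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE id !=1 ";

    if (isset($_POST['s']) && is_string($_POST['s'])) {
        // strip_tags() does nothing about SQL quoting. Bind the search term through
        // prepare() and neutralise LIKE wildcards with esc_like().
        $search = strip_tags(wp_unslash($_POST['s']));
        $query .= $wpdb->prepare(" AND alias LIKE %s ", '%' . $wpdb->esc_like($search) . '%');
    }

    $orderby = !empty($_GET["orderby"]) ? esc_sql($_GET["orderby"]) : 'id';
    $order   = !empty($_GET["order"]) ? esc_sql($_GET["order"]) : 'DESC';

    // Both values are checked against fixed lists before they reach the query.
    $sortable_columns = $this->get_sortable_columns();
    $orderby          = SwpmUtils::sanitize_value_by_array($orderby, $sortable_columns);
    $order            = SwpmUtils::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));

    if (!empty($orderby) && !empty($order)) {
        $query .= ' ORDER BY ' . $orderby . ' ' . $order;
    }

    // The value returned for the unpaged query is used as the total row count.
    $totalitems = $wpdb->query($query);

    $perpage = 20;
    $paged   = !empty($_GET["paged"]) ? $_GET["paged"] : '';
    if (empty($paged) || !is_numeric($paged) || $paged <= 0) {
        $paged = 1;
    }

    $totalpages = ceil($totalitems / $perpage);
    $offset     = ($paged - 1) * $perpage;
    $query     .= ' LIMIT ' . (int) $offset . ',' . (int) $perpage;

    $this->set_pagination_args(array(
        "total_items" => $totalitems,
        "total_pages" => $totalpages,
        "per_page"    => $perpage,
    ));

    $this->_column_headers = array($this->get_columns(), array(), $this->get_sortable_columns());
    $this->items           = $wpdb->get_results($query, ARRAY_A);
}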
/**
 * Look up a single record by its id.
 *
 * @param string $id The slug of the plugin
 *
 * @return object Whatever the query builder's first() returns for the match
 **/
public static function find($id)
{
    // NOTE(review): if the builder binds its values itself, escaping here as well
    // would escape the id twice - confirm how where() treats its value.
    $escaped_id = esc_sql($id);
    $model      = new static();

    return $model->builder->where('id', '=', $escaped_id)->first();
}
/**
 * Put one page (100 entries) of the category list into $this->items and set
 * the pagination data. The page number is read from $_GET['paged'].
 *
 * @return void
 */
function prepare_items()
{
    $categories = get_categories(array('hide_empty' => '0'));
    $totalitems = count($categories);
    $perpage    = 100;

    // esc_sql() is not what validates the page number. The is_numeric() check
    // below decides whether the value is used.
    $paged = '';
    if (!empty($_GET["paged"])) {
        $paged = esc_sql($_GET["paged"]);
    }
    if (empty($paged) || !is_numeric($paged) || $paged <= 0) {
        $paged = 1;
    }

    $totalpages = ceil($totalitems / $perpage);
    $offset     = ($paged - 1) * $perpage;

    // Copy entries for the current page, stopping early at the first empty slot.
    $page_items = array();
    $limit      = (int) $offset + (int) $perpage;
    $i          = $offset;
    while ($i < $limit && !empty($categories[$i])) {
        $page_items[] = $categories[$i];
        $i++;
    }

    $this->set_pagination_args(array(
        "total_items" => $totalitems,
        "total_pages" => $totalpages,
        "per_page"    => $perpage,
    ));

    $this->_column_headers = array($this->get_columns(), array(), $this->get_sortable_columns());
    $this->items           = $page_items;
}
/**
 * Append a "column = value" / "column IN (...)" condition, or its negation.
 *
 * @param string $heystack Column expression, inserted into the SQL as given.
 * @param mixed  $needles  Value or list of values; each one is SQL-escaped and quoted.
 * @param string $glue     Passed on to appendCondition().
 * @param bool   $not_in   Use != / NOT IN instead of = / IN.
 * @return $this
 */
public function appendConditionSomethingIn($heystack, $needles, $glue = 'AND', $not_in = false)
{
    force_array($needles);
    $total = count($needles);

    // A single value becomes a plain comparison.
    if ($total === 1) {
        $operator = $not_in ? '!=' : '=';
        $this->appendCondition(sprintf("{$heystack} {$operator} '%s'", esc_sql($needles[0])), $glue);

        return $this;
    }

    $quoted = array();
    for ($i = 0; $i < $total; $i++) {
        $quoted[] = single_quotes(esc_sql($needles[$i]));
    }
    $values = implode(', ', $quoted);

    // Nothing is appended when there are no values.
    if ($values !== '') {
        $operator = $not_in ? 'NOT IN' : 'IN';
        $this->appendCondition("{$heystack} {$operator} ({$values})", $glue);
    }

    return $this;
}
/**
 * Create the pages the plugin relies on and store their ids.
 *
 * Each page is created through wcmp_product_vendor_plugin_create_page(). The page
 * ids are then read back from their options and saved together in the
 * 'wcmp_pages_settings_name' option.
 *
 * @access public
 * @return void
 */
function wcmp_product_vendor_plugin_create_pages()
{
    global $WCMp;

    $domain = $WCMp->text_domain;

    // Dc_demo_plugins test page
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_dashboard', 'page_slug', $domain)),
        'wcmp_product_vendor_vendor_dashboard_page_id',
        __('Vendor Dashboard', $domain),
        '[vendor_dashboard]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_shop_settings', 'page_slug', $domain)),
        'wcmp_product_vendor_shop_settings_page_id',
        __('Shop Settings', $domain),
        '[shop_settings]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_orders', 'page_slug', $domain)),
        'wcmp_product_vendor_vendor_orders_page_id',
        __('Vendor Orders', $domain),
        '[vendor_orders]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_order_detail', 'page_slug', $domain)),
        'wcmp_product_vendor_vendor_order_detail_page_id',
        __('Vendor Order Details', $domain),
        '[vendor_order_detail]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_withdrawal_request', 'page_slug', $domain)),
        'wcmp_product_vendor_transaction_widthdrawal_page_id',
        __('Withdrawal Request Status', $domain),
        '[transaction_thankyou]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_transaction_details', 'page_slug', $domain)),
        'wcmp_product_vendor_transaction_details_page_id',
        __('Transaction Details', $domain),
        '[transaction_details]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_policies', 'page_slug', $domain)),
        'wcmp_product_vendor_policies_page_id',
        __('Vendor Policies', $domain),
        '[vendor_policies]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_billing', 'page_slug', $domain)),
        'wcmp_product_vendor_billing_page_id',
        __('Vendor Billing', $domain),
        '[vendor_billing]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_shipping', 'page_slug', $domain)),
        'wcmp_product_vendor_shipping_page_id',
        __('Vendor Shipping', $domain),
        '[vendor_shipping_settings]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_report', 'page_slug', $domain)),
        'wcmp_product_vendor_report_page_id',
        __('Vendor Reports', $domain),
        '[vendor_report]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_widthdrawals', 'page_slug', $domain)),
        'wcmp_product_vendor_widthdrawals_page_id',
        __('Vendor Widthdrawals', $domain),
        '[vendor_widthdrawals]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_university', 'page_slug', $domain)),
        'wcmp_product_vendor_university_page_id',
        __('Vendor University', $domain),
        '[vendor_university]'
    );
    $this->wcmp_product_vendor_plugin_create_page(
        esc_sql(_x('wcmp_vendor_messages', 'page_slug', $domain)),
        'wcmp_product_vendor_messages_page_id',
        __('Vendor Messages', $domain),
        '[vendor_messages]'
    );

    // Settings key => option that holds the page id.
    $option_names = array(
        'vendor_dashboard'            => 'wcmp_product_vendor_vendor_dashboard_page_id',
        'shop_settings'               => 'wcmp_product_vendor_shop_settings_page_id',
        'view_order'                  => 'wcmp_product_vendor_vendor_orders_page_id',
        'vendor_order_detail'         => 'wcmp_product_vendor_vendor_order_detail_page_id',
        'vendor_transaction_thankyou' => 'wcmp_product_vendor_transaction_widthdrawal_page_id',
        'vendor_transaction_detail'   => 'wcmp_product_vendor_transaction_details_page_id',
        'vendor_policies'             => 'wcmp_product_vendor_policies_page_id',
        'vendor_billing'              => 'wcmp_product_vendor_billing_page_id',
        'vendor_shipping'             => 'wcmp_product_vendor_shipping_page_id',
        'vendor_report'               => 'wcmp_product_vendor_report_page_id',
        'vendor_widthdrawals'         => 'wcmp_product_vendor_widthdrawals_page_id',
        'vendor_university'           => 'wcmp_product_vendor_university_page_id',
        'vendor_messages'             => 'wcmp_product_vendor_messages_page_id',
    );

    $array_pages = array();
    foreach ($option_names as $settings_key => $option_name) {
        $array_pages[$settings_key] = get_option($option_name);
    }

    update_option('wcmp_pages_settings_name', $array_pages);
}
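/**
 * Prepare items to be displayed and setup pagination data
 *
 * Loads one page (20 rows) of unsent follow-up e-mail orders, newest send date
 * first, optionally limited to the customer given in $_GET['_customer_user'].
 *
 * @return void
 */
public function prepare_items()
{
    $wpdb = Follow_Up_Emails::instance()->wpdb;

    $this->_column_headers = array($this->get_columns(), array(), array());

    $per_page = 20;

    // absint() turns a non-numeric "paged" value into 0, which would give a
    // negative LIMIT offset and a failing query, so clamp the page to at least 1.
    $page  = empty($_GET['paged']) ? 1 : max(1, absint($_GET['paged']));
    $start = ($page - 1) * $per_page;

    $sql = "SELECT SQL_CALC_FOUND_ROWS *\n FROM {$wpdb->prefix}followup_email_orders eo, {$wpdb->posts} p\n WHERE 1=1\n AND eo.is_sent = 0\n AND p.ID = eo.email_id";

    if (!empty($_GET['_customer_user'])) {
        // filter by user id/user email
        $user = new WP_User($_GET['_customer_user']);

        $user_email = $user->billing_email;
        if (empty($user_email)) {
            $user_email = $user->user_email;
        }

        // The id is forced to an integer and the address is escaped inside quotes.
        $sql .= " AND (\n user_id = " . absint($user->ID) . " OR\n user_email = '" . esc_sql(sanitize_email($user_email)) . "'\n )";
    }

    $sql .= " ORDER BY send_on DESC LIMIT {$start},{$per_page}";

    $this->items = $wpdb->get_results($sql, ARRAY_A);

    // FOUND_ROWS() refers to the SQL_CALC_FOUND_ROWS query that has just run.
    $total_items = $wpdb->get_var("SELECT FOUND_ROWS()");

    $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
}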
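/**
 * Load one page of forms into $this->items and set the pagination data.
 *
 * Honours the request parameters 'orderby', 'order', 'start' and 's'. Every search
 * term has to occur in the name, description or creation date of a form.
 *
 * @return void
 */
function prepare_items()
{
    global $frmdb, $wpdb, $per_page, $frm_settings, $frm_form, $frm_app_helper;

    // ORDER BY and LIMIT take identifiers, keywords and numbers, none of which can
    // be bound or quoted. Request values are therefore validated and replaced by
    // the defaults when they do not fit.
    $orderby = 'name';
    if (
        isset($_REQUEST['orderby'])
        && is_string($_REQUEST['orderby'])
        && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_REQUEST['orderby'])
    ) {
        $orderby = $_REQUEST['orderby'];
    }

    $order = 'ASC';
    if (isset($_REQUEST['order']) && is_string($_REQUEST['order']) && strtoupper($_REQUEST['order']) === 'DESC') {
        $order = 'DESC';
    }

    $page          = $this->get_pagenum();
    $default_count = empty($this->page_name) ? 20 : 10;
    $per_page      = (int) $this->get_items_per_page(
        'formidable_page_formidable' . str_replace('-', '_', $this->page_name) . '_per_page',
        $default_count
    );

    $start = isset($_REQUEST['start']) ? absint($_REQUEST['start']) : ($page - 1) * $per_page;

    $s            = (isset($_REQUEST['s']) && is_string($_REQUEST['s'])) ? stripslashes($_REQUEST['s']) : '';
    $search_terms = array();
    if ($s != '') {
        // Split into quoted phrases and single words.
        preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
        $search_terms = array_map('_search_terms_tidy', $matches[0]);
    }

    $s_query = " (status is NULL OR status = '' OR status = 'published') AND default_template=0 AND is_template = " . (int) $this->params['template'];

    foreach ($search_terms as $term) {
        // Escape LIKE wildcards first, then the string literal. like_escape() is the
        // fallback for WordPress versions whose wpdb has no esc_like().
        $term = esc_sql(method_exists($wpdb, 'esc_like') ? $wpdb->esc_like($term) : like_escape($term));

        $s_query .= " AND (name like '%{$term}%' OR description like '%{$term}%' OR created_at like '%{$term}%')";
    }

    $this->items = $frm_form->getAll($s_query, " ORDER BY {$orderby} {$order}", " LIMIT {$start}, {$per_page}", true, false);
    $total_items = $frm_app_helper->getRecordCount($s_query, $this->table_name);

    $this->set_pagination_args(array('total_items' => $total_items, 'per_page' => $per_page));
}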
/**
 * Product ID by slug.
 *
 * Results, including misses (0), are remembered in a static cache for the rest
 * of the request. A slug made up of an integer is returned as that integer
 * without a database lookup.
 *
 * @since 160727 WC product utils.
 *
 * @param string $slug     Product slug.
 * @param bool   $no_cache Bypass cache check? Not consulted by this method.
 *
 * @return int Product ID, or 0 when there is none.
 */
public function idBySlug(string $slug, bool $no_cache = false) : int
{
    static $product_ids;

    // '' and '0' are the two falsy strings and neither can be a product.
    if ($slug === '' || $slug === '0') {
        return 0;
    }
    if (isset($product_ids[$slug])) {
        return $product_ids[$slug];
    }
    if ((string) (int) $slug === $slug) {
        return $product_ids[$slug] = (int) $slug;
    }

    $WpDb = $this->s::wpDb(); // DB instance.

    // The slug is bound through prepare(). The table name comes from the DB object.
    $sql = $WpDb->prepare(' SELECT `ID` FROM `' . esc_sql($WpDb->posts) . '` WHERE `post_type` IN(\'product\', \'product_variation\') AND `post_name` = %s LIMIT 1', $slug);

    // A missing row casts to 0, which is cached like any other result.
    return $product_ids[$slug] = (int) $WpDb->get_var($sql);
}
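/**
 * Backs up a single database table using the WordPress database class.
 *
 * Writes the table's CREATE statement and one INSERT with all of its rows to
 * "revisr_{table}.sql" in the backup directory.
 *
 * @access public
 * @param string $table The database table to backup.
 * @return boolean False for an unusable table name, else the result of verify_backup().
 */
public function backup_table_wpdb($table)
{
    // The name is used as a backtick-quoted identifier and as part of a file name.
    // esc_sql() escapes string literals only: it leaves backticks and path
    // separators alone. Accept identifier characters and nothing else.
    if (!is_string($table) || !preg_match('/^[A-Za-z0-9_$-]+$/', $table)) {
        return false;
    }

    // Initialize the results, ultimately stored in the backup file.
    $results = '';

    // An empty array to store the queries for the table in later.
    $queries = array();

    // Since WordPress 4.8.3 esc_sql() swaps "%" for a placeholder that wpdb removes
    // only from queries it runs itself. Text written to a file needs it removed here.
    $strip_placeholders = method_exists($this->wpdb, 'remove_placeholder_escape');

    // Grab the SQL needed to create the table.
    $show_create = $this->wpdb->get_row("SHOW CREATE TABLE `{$table}`");
    $want        = 'Create Table';

    if ($show_create) {
        // Store the table schema in the backup file.
        $results .= "DROP TABLE IF EXISTS `{$table}`;" . PHP_EOL;
        $results .= $show_create->{$want} . ';' . PHP_EOL;

        // Grab the content of the database table.
        foreach ($this->wpdb->get_results("SELECT * FROM `{$table}`") as $row) {
            $vals = array();
            foreach (get_object_vars($row) as $v) {
                if (null === $v) {
                    // Keep NULL as NULL instead of turning it into an empty string.
                    $vals[] = 'NULL';
                    continue;
                }

                $escaped = esc_sql($v);
                if ($strip_placeholders) {
                    $escaped = $this->wpdb->remove_placeholder_escape($escaped);
                }
                $vals[] = sprintf("'%s'", $escaped);
            }
            $queries[] = sprintf("(%s)", implode(',', $vals));
        }

        if (0 !== count($queries)) {
            // Implode the queries and generate the rest of the SQL file.
            $results .= "LOCK TABLES `{$table}` WRITE;" . PHP_EOL;
            $results .= "INSERT INTO `{$table}` VALUES " . implode(', ', $queries) . ';' . PHP_EOL;
            $results .= 'UNLOCK TABLES;' . PHP_EOL;
        }
    }

    // Store the contents of the SQL file.
    file_put_contents($this->backup_dir . "revisr_{$table}.sql", $results);
    $this->add_table($table);

    // Verify the backup was successful and return a boolean.
    return $this->verify_backup($table);
}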
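/**
 * WPSC get state by id function, gets either state code or state name depending on param
 *
 * @since 3.7
 * @param int    $id           the id for the region
 * @param string $return_value either 'name' or 'code' depending on what you want returned
 * @return string|null The column value, or null when the column name is not a
 *                     plain identifier or nothing was found.
 */
function wpsc_get_state_by_id($id, $return_value)
{
    global $wpdb;

    // $return_value is used as a column name. esc_sql() only protects quoted
    // string literals, so require a plain identifier and backtick-quote it.
    if (!is_string($return_value) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $return_value)) {
        return null;
    }

    $sql = $wpdb->prepare(
        "SELECT `" . $return_value . "` FROM `" . WPSC_TABLE_REGION_TAX . "` WHERE `id`= %d",
        $id
    );

    return $wpdb->get_var($sql);
}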
/**
 * AJAX handler: send the posts of a connection's child post type as JSON,
 * keyed by post ID with the post title as value and ordered by title.
 *
 * Prints "-1" and returns when the nonce is missing or invalid.
 *
 * @return void
 */
public function run()
{
    // Check nonce
    $nonce_ok = isset($_POST['nonce']) && wp_verify_nonce($_POST['nonce'], 'sp_ajax_sc_gpp');
    if (!$nonce_ok) {
        echo '-1';

        return;
    }

    // NOTE(review): $_POST['identifier'] is read without an isset() check, and the
    // link returned by the manager is used without a check that one was found.
    $identifier = esc_sql($_POST['identifier']);
    $manager    = new SP_Connection_Manager();

    $by_slug = isset($_POST['by_slug']) && 'true' == $_POST['by_slug'];
    $ptl     = $by_slug ? $manager->get_link_by_slug($identifier) : $manager->get_link($identifier);

    // Get children
    $children = get_posts(array(
        'post_type'      => $ptl->get_child(),
        'posts_per_page' => -1,
        'orderby'        => 'title',
        'order'          => 'ASC',
    ));

    $json_posts = array();
    foreach ($children as $child) {
        $json_posts[$child->ID] = $child->post_title;
    }

    // Send the JSON
    wp_send_json($json_posts);
    exit; // Better safe than sorry lol
}
/**
 * Merge the submitted 'product_id' and 'title' into the stored instance.
 *
 * @param array $new_instance Submitted values.
 * @param array $old_instance Previously stored values.
 * @return array The old instance with 'product_id' and 'title' replaced.
 */
function update($new_instance, $old_instance)
{
    // NOTE(review): esc_sql() prepares a value for use inside a quoted SQL string.
    // It does not validate it. If product_id is always numeric, an integer cast
    // would be the fitting check - confirm against the code reading this setting.
    $old_instance['product_id'] = esc_sql($new_instance['product_id']);
    $old_instance['title']      = sanitize_text_field($new_instance['title']);

    return $old_instance;
}
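/**
 * Resolve the portfolio page and store its id and slug in the globals
 * $portfolio_page_id and $portfolio_page_name.
 *
 * Tries, in order: the page id saved in the 'portfolio_page_id' option, the newest
 * published page containing [portfoliopage], and finally a newly created page.
 * With WPML active, the translation for the current language replaces the result.
 *
 * @return void
 */
function a3_portfolio_set_global_page()
{
    global $wpdb, $portfolio_page_name, $portfolio_page_id;

    $portfolio_page_id = get_option('portfolio_page_id');
    $page_data         = null;

    if ($portfolio_page_id != false) {
        // Inside a prepare() format string a literal percent sign is written "%%".
        $page_data = $wpdb->get_row($wpdb->prepare(
            "SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `post_content` LIKE '%%[portfoliopage]%%' AND `ID` = %d AND `post_type` = 'page' AND `post_status` = 'publish' LIMIT 1",
            $portfolio_page_id
        ));
    }

    if ($page_data == null) {
        // No prepare() here, so the percent signs stay single.
        $page_data = $wpdb->get_row("SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `post_content` LIKE '%[portfoliopage]%' AND `post_type` = 'page' AND `post_status` = 'publish' ORDER BY ID DESC LIMIT 1");
        if ($page_data) {
            update_option('portfolio_page_id', $page_data->ID);
        }
    }

    if ($page_data == null) {
        // The slug is a fixed string and needs no escaping.
        $portfolio_page_id_created = a3_portfolio_create_page('portfolios', '', __('Portfolios', 'a3_portfolios'), '[portfoliopage]');
        update_option('portfolio_page_id', $portfolio_page_id_created);

        $page_data = $wpdb->get_row($wpdb->prepare(
            "SELECT ID, post_name FROM `" . $wpdb->posts . "` WHERE `ID` = %d LIMIT 1",
            $portfolio_page_id_created
        ));
    }

    // The page may still be missing, for example when creating it failed.
    $portfolio_page_id   = $page_data ? $page_data->ID : null;
    $portfolio_page_name = $page_data ? $page_data->post_name : null;

    // For WPML
    if ($page_data && class_exists('SitePress')) {
        global $sitepress;

        $translation_page_data = $wpdb->get_row($wpdb->prepare(
            "SELECT element_id FROM " . $wpdb->prefix . "icl_translations WHERE trid = %d AND element_type='post_page' AND language_code = %s LIMIT 1",
            $portfolio_page_id,
            $sitepress->get_current_language()
        ));

        if ($translation_page_data != null) {
            $portfolio_page_id   = $translation_page_data->element_id;
            $portfolio_page_wpml = get_post($portfolio_page_id);
            $portfolio_page_name = $portfolio_page_wpml ? $portfolio_page_wpml->post_name : null;
        }
    }
}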
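/**
 * Job step: write the widget options as SQL statements to a file and add that
 * file to the list of files to back up.
 *
 * The file holds one INSERT ... ON DUPLICATE KEY UPDATE statement for each options
 * row whose name matches 'widget_%', followed by the 'sidebars_widgets' row.
 *
 * @param BackWPup_Job $job_object The running job.
 * @return bool TRUE when the step is done, FALSE when the file cannot be opened.
 */
public function job_run(BackWPup_Job $job_object)
{
    global $wpdb;

    $job_object->substeps_todo = 1;
    $job_object->log(sprintf(__('%d. Trying to generate a file with installed widget names …', 'backwpup'), $job_object->steps_data[$job_object->step_working]['STEP_TRY']));

    // build filename
    if (empty($job_object->temp['widgetlistfile'])) {
        $job_object->temp['widgetlistfile'] = $job_object->generate_filename($job_object->job['widgetlistfile'], 'sql') . $job_object->job['widgetlistfilecompression'];
    }
    $file = $job_object->temp['widgetlistfile'];

    $handle = fopen($file, 'w');
    if (!$handle) {
        $job_object->log(__('Can not open target file for writing.', 'backwpup'), E_USER_ERROR);

        return FALSE;
    }

    // Since WordPress 4.8.3 esc_sql() swaps "%" for a placeholder that wpdb removes
    // only from queries it runs itself. Text written to a file needs it removed here.
    $strip_placeholders = method_exists($wpdb, 'remove_placeholder_escape');
    $quote = function ($value) use ($wpdb, $strip_placeholders) {
        $escaped = esc_sql($value);
        if ($strip_placeholders) {
            $escaped = $wpdb->remove_placeholder_escape($escaped);
        }

        return "'" . $escaped . "'";
    };

    // Widget option rows first, then the sidebar assignment row.
    $rows = array_merge(
        (array) $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'widget_%'"),
        (array) $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name = 'sidebars_widgets'")
    );

    $header = '';
    foreach ($rows as $row) {
        $value   = $quote($row->option_value);
        $header .= "INSERT INTO {$wpdb->options} (option_name, option_value, autoload) VALUES"
            . "(" . $quote($row->option_name) . ", " . $value . ", " . $quote($row->autoload) . ")"
            . "ON DUPLICATE KEY UPDATE option_value = " . $value . ";\n";
    }

    fwrite($handle, $header);
    fclose($handle);

    if ($file) {
        $job_object->additional_files_to_backup[] = $file;

        // size_format() takes a byte count and the number of decimals. It used to
        // be given the file name, with the decimals passed to sprintf() instead.
        clearstatcache();
        $job_object->log(sprintf(__('Added widget list file "%1$s" with %2$s to backup file list.', 'backwpup'), $file, size_format(filesize($file), 2)));
    }

    $job_object->substeps_done = 1;

    return TRUE;
}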
/**
 * When the post is saved, saves our custom data.
 *
 * Nothing is stored unless the 'athcontent' nonce is present and valid, the
 * request is not an autosave and the current user may edit the post or page.
 *
 * @param int $post_id The ID of the post being saved.
 * @return int|void The post ID when nothing was stored, nothing otherwise.
 */
function perpageath_save_postdata($post_id)
{
    // save_post fires in other situations too, so the nonce has to be set and valid.
    if (!isset($_POST['athcontent']) || !wp_verify_nonce($_POST['athcontent'], 'athcallback')) {
        return $post_id;
    }

    // If this is an autosave, our form has not been submitted.
    if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
        return $post_id;
    }

    // Check the user's permissions.
    $capability = ('page' == $_POST['post_type']) ? 'edit_page' : 'edit_post';
    if (!current_user_can($capability, $post_id)) {
        return $post_id;
    }

    // Line breaks are stored as the %BREAK% marker.
    // NOTE(review): update_post_meta() does its own database escaping, so esc_sql()
    // here probably leaves extra backslashes in the stored value. Confirm against
    // the code that reads 'per-page-ath-content' before changing it.
    $line_breaks = array("\r\n", "\r", "\n");
    $mydata      = esc_sql(str_replace($line_breaks, '%BREAK%', $_POST['per-page-ath']));

    // Update the meta field in the database.
    update_post_meta($post_id, 'per-page-ath-content', $mydata);
}
/**
 * Read a .po file and collect its strings in $this->strings.
 *
 * Each collected entry holds the msgid text, its translation, a name, the fuzzy
 * flag, the msgctxt context and the id of a matching row in the icl_strings
 * table, if there is one. $this->error_str is set when no string was found.
 *
 * @param string $file_name Path of the .po file; read with file().
 */
public function __construct($file_name)
{
    global $wpdb;
    $this->strings = array();
    $this->error_str = '';
    $this->lines = file($file_name);
    $fuzzy = 0;
    $name = false;
    $context = '';
    // $k is advanced inside the loop body as well, so the order of the checks
    // below determines which line each of them looks at.
    for ($k = 0; $k < count($this->lines); $k++) {
        $date_time_flag = false;
        // A "#, fuzzy" line marks the entry that follows as fuzzy.
        if (0 === strpos($this->lines[$k], '#, fuzzy')) {
            $fuzzy = 1;
            $k++;
        }
        // An optional "# wpml-name: " line carries the string name.
        if (0 === strpos($this->lines[$k], '# wpml-name: ')) {
            $name = preg_replace("/^# wpml-name: /i", '', trim($this->lines[$k]));
            $k++;
        }
        if (preg_match('#msgctxt "(.*)"#im', trim($this->lines[$k]), $matches)) {
            // We look for the line that poedit needs for unique identification of the string.
            $context = $matches[1];
            // Detection of the date_time setting is disabled, so $date_time_flag
            // stays false and the unescaping branch further down never runs:
            //if ( preg_match( '/wpmldatei18/', $this->lines[ $k ] ) ) { //if it contains the date_time setting we add the flag to escape the control structures in the date time placeholder string
            // $date_time_flag = true;
            //}
            $k++;
        }
        $int = preg_match('#msgid "(.*)"#im', trim($this->lines[$k]), $matches);
        if ($int) {
            // get_string() returns a pair that is unpacked into the text and the new line index.
            list($string, $k) = $this->get_string($matches[1], $k);
            $int = preg_match('#msgstr "(.*)"#im', trim($this->lines[$k + 1]), $matches);
            if ($int) {
                list($translation, $k) = $this->get_string($matches[1], $k + 1);
            } else {
                $translation = "";
            }
            // Without a wpml-name line the name is the MD5 of the string.
            if ($name === false) {
                $name = md5($string);
            }
            if ($string) {
                // NOTE(review): the context comes straight from $_POST and is passed through
                // esc_sql() before being bound with %s, which escapes it a second time -
                // confirm that this matches how contexts are stored.
                $string_exists = $wpdb->get_var($wpdb->prepare("\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tSELECT id FROM {$wpdb->prefix}icl_strings \n\t\t\t\t\t\t\t\t\t\t\t\t\t\tWHERE context=%s AND name=%s AND gettext_context=%s", esc_sql($_POST['icl_st_i_context_new'] ? $_POST['icl_st_i_context_new'] : $_POST['icl_st_i_context']), $name, $context));
                if ($date_time_flag) {
                    // Collapse doubled backslashes.
                    $string = str_replace("\\\\", "\\", $string);
                    $translation = str_replace("\\\\", "\\", $translation);
                    $name = str_replace("\\\\", "\\", $name);
                }
                $this->strings[] = array('string' => $string, 'translation' => $translation, 'name' => $name, 'fuzzy' => $fuzzy, 'exists' => $string_exists, 'context' => $context);
            }
            $k++;
            // Name and context apply to a single entry only.
            $name = false;
            $context = '';
        }
        // A blank line ends the current entry, which also ends its fuzzy marker.
        if ($k < count($this->lines) && !trim($this->lines[$k])) {
            $fuzzy = 0;
        }
    }
    if (empty($this->strings)) {
        $this->error_str = __('No string found', 'wpml-string-translation');
    }
}
/**
 * Build a comma-separated list of quoted SQL string literals.
 *
 * Each value is trimmed, SQL-escaped and wrapped in single quotes, so the result
 * is meant for places where string literals are expected, such as IN (...).
 *
 * @param array $values Values to quote.
 * @return string The quoted values joined with commas.
 */
static function array_to_sql($values)
{
    $quoted = array_map(
        function ($value) {
            return "'" . esc_sql(trim($value)) . "'";
        },
        $values
    );

    return implode(',', $quoted);
}
/**
 * Escape or strip a string for the given kind of output.
 *
 * The string is returned unchanged when it is empty after trimming, when it is
 * "0", or when $type is not one of the known types.
 *
 * @param string $str     The text to process.
 * @param string $type    One of strip, bal, balance, attr, html, url, js, textarea, sql, post.
 * @param string $context For 'strip' only: 'widget_before_after',
 *                        'widget_title_before_after' or a list of allowed tags
 *                        starting with "<".
 * @return string
 */
function ts_essentials_escape($str = '', $type = '', $context = '')
{
    if (!trim($str)) {
        return $str;
    }

    switch ($type) {
        case 'strip':
            // Pick the tags that may stay. No match means all tags are removed.
            if ($context == 'widget_before_after') {
                return strip_tags($str, '<div><ul><li>');
            }
            if ($context == 'widget_title_before_after') {
                return strip_tags($str, '<div><ul><li><h3><h4><h5><h6><strong><em><i><b><span>');
            }
            if (substr($context, 0, 1) == '<') {
                return strip_tags($str, $context);
            }

            return strip_tags($str);

        case 'bal':
        case 'balance':
            return balanceTags($str);

        case 'attr':
            return esc_attr($str);

        case 'html':
            return esc_html($str);

        case 'url':
            return esc_url($str);

        case 'js':
            return esc_js($str);

        case 'textarea':
            return esc_textarea($str);

        case 'sql':
            // Only suitable for a value that ends up inside a quoted SQL string.
            return esc_sql($str);

        case 'post':
            return wp_kses_post($str);
    }

    return $str;
}
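/**
 * Find the WordPress user a decoded JWT refers to.
 *
 * The 'jwt_attribute' option names the token attribute that holds the lookup value
 * and the 'user_property' option names the users-table column it is compared with.
 *
 * @param object|WP_User $jwt Decoded token, or a user object that is returned as it is.
 * @return WP_User|null The user, or null when the options are not set, the column
 *                      name is not a plain identifier, the token lacks the
 *                      attribute, or no user matches.
 */
public static function getUser($jwt)
{
    global $wpdb;

    if ($jwt instanceof WP_User) {
        return $jwt;
    }

    $user_property = trim((string) JWT_AUTH_Options::get('user_property'));
    $jwt_attribute = JWT_AUTH_Options::get('jwt_attribute');

    if ($user_property == '' || trim($jwt_attribute) == '') {
        return null;
    }

    // The option is used as a column name. esc_sql() only protects quoted string
    // literals, so require a plain identifier and backtick-quote it.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $user_property)) {
        return null;
    }

    if (!is_object($jwt) || !isset($jwt->{$jwt_attribute})) {
        return null;
    }
    $id = $jwt->{$jwt_attribute};

    // The SELECT list refers to the alias "u", so the table has to be given that alias.
    $sql     = 'SELECT u.* FROM ' . $wpdb->users . ' u WHERE u.`' . $user_property . '` = %s';
    $userRow = $wpdb->get_row($wpdb->prepare($sql, $id));

    if (is_null($userRow)) {
        return null;
    } elseif ($userRow instanceof WP_Error) {
        self::insertAuth0Error('findAuth0User', $userRow);

        return null;
    }

    $user = new WP_User();
    $user->init($userRow);

    return $user;
}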
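/**
 * Load one page of poll log rows into $this->items and set the pagination data.
 *
 * Rows can be limited to the poll in $this->poll_id and to the request parameters
 * 'userid' and 'ip'. Sorting follows 'orderby' and 'order'.
 *
 * @return void
 */
public function prepare_items()
{
    global $wpdb;

    $per_page = 20;

    $this->_column_headers = array(
        $this->get_columns(),
        $this->get_hidden_columns(),
        $this->get_sortable_columns(),
    );

    // Build the WHERE clause. Every value is forced to an integer because it is
    // placed in the statement without quotes.
    $where = 'WHERE 1';
    if ($this->poll_id) {
        $where .= ' AND qid = ' . (int) $this->poll_id;
    }

    $userid = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;
    if ($userid) {
        $where .= ' AND userid = ' . $userid;
    }

    $ip = isset($_GET['ip']) ? (int) $_GET['ip'] : 0;
    if ($ip) {
        $where .= ' AND ip = ' . $ip;
    }

    // Pagination.
    $this->set_pagination_args(array(
        'total_items' => $wpdb->get_var("SELECT count(*) FROM {$wpdb->democracy_log} {$where}"),
        'per_page'    => $per_page,
    ));

    // Must be read after set_pagination_args().
    $cur_page = (int) $this->get_pagenum();
    $OFFSET   = 'LIMIT ' . (($cur_page - 1) * $per_page) . ',' . $per_page;

    $order = (isset($_GET['order']) && is_string($_GET['order']) && strtolower($_GET['order']) == 'asc')
        ? 'ASC'
        : 'DESC';

    // A column name is an identifier, not a string literal, so esc_sql() does not
    // make it safe. Accept plain identifier characters only, else sort by date.
    $orderby = 'date';
    if (
        isset($_GET['orderby'])
        && is_string($_GET['orderby'])
        && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $_GET['orderby'])
    ) {
        $orderby = $_GET['orderby'];
    }
    $ORDER_BY = "ORDER BY `{$orderby}` {$order}";

    // Run the query.
    $this->items = $wpdb->get_results("SELECT * FROM {$wpdb->democracy_log} {$where} {$ORDER_BY} {$OFFSET}");
}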