I’m having to update a WP installation for a community organisations from version 2.9.1 to the current 3.9.1.
The installation has a couple of custom built plugins that aren’t documented.
I’ve just performed the WP version update and now I see a warning (Missing argument 2 for wpdb::prepare()) on every page that relates to the following line in the code of one of these custom built plugin:
$rows = $wpdb->get_results($wpdb->prepare("SELECT id, name FROM ".$table_name));
From what I’ve read online, this is due to a change in the coding, that requires 2 values to be sent to wpdb::prepare(), but I’ve no idea how the line of code given above, needs to be changed.
If someone could help me out, I’d really appreciate it.
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
That was not exactly change in code, that was change to better inform people they are not using the method correctly.
In line with wpdb documentation you need to properly pass values, or they won’t be properly escaped in query.
In your case it would turn into something like:
$wpdb->prepare("SELECT id, name FROM %s", $table_name)
Note that if $table_name isn’t coming from any untrusted input, then there is no need to prepare query in such case altogether.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0