I modified an abandoned Stackoverflow form of badge plugin to work with WordPress 3.4.2 and it does indeed. The full script for it is here: http://pastebin.com/Ta91zXiL
When upgrading to WordPress v3.5, I receive these warnings when publishing a post (or posting a comment):
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 342 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /public_html/wp-content/plugins/rockhoist-badges/rh-badges.php on line 355 and defined in /public_html/wp-includes/wp-db.php on line 990
Warning: Cannot modify header information - headers already sent by (output started at /public_html/wp-includes/wp-db.php:990) in /public_html/wp-includes/pluggable.php on line 876
So it seems to be related to lines 342 and 355:
function rhb_get_user_comment_count( $args = '' ) {
global $wpdb;
$comment_count = $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*)
FROM " . $wpdb->prefix . "comments
WHERE user_id = " . $args['user_ID'] . "
AND comment_approved = '1'" ) ); // line 342
return $comment_count;
}
function rhb_get_user_post_count( $args = '' ) {
global $wpdb;
$post_count = $wpdb->get_var($wpdb->prepare( "SELECT COUNT(*)
FROM " . $wpdb->prefix . "posts
WHERE post_author = " . $args['user_ID'] . "
AND post_status = 'publish'
AND post_type = 'post'" ) ); // line 355
return $post_count;
}
I have been trying to understand these warnings all day but failed. Can someone kindly assist me to fix this issue so that we can have a working version of this very useful badge system for WP 3.5?
Answers:
Method 1
Lead developer Nacin answers this one:
Hello plugin or theme author! You possibly found this post after
searching the Internet for the error above: “PHP Warning: Missing
argument 2 for wpdb::prepare().”

So, this is a new warning in 3.5. No sites are broken, everything is
fine as before. But, this is indeed something you need to look at,
because you may be exposing your users to a possible SQL injection
vulnerability. Now that’s no fun!
Have a read of the rest, for further explanation.
As for rehabilitating your existing code:
$wpdb->prepare(
"
SELECT COUNT(*)
FROM " . $wpdb->prefix . "comments
WHERE user_id = " . $args['user_ID'] . "
AND comment_approved = '1'
"
)
First, clean it up by getting rid of the unnecessary string concatenation, and calling $wpdb->comments for the comments table:
$wpdb->prepare(
"
SELECT COUNT(*)
FROM $wpdb->comments
WHERE user_id = $args['user_ID']
AND comment_approved = '1'
"
)
Now, the warning has to do with this part of the query:
WHERE user_id = $args['user_ID']
You need to replace $args['user_ID'] with %d, and then use $args['user_ID'] as the missing, second parameter:
$wpdb->prepare(
"
SELECT COUNT(*)
FROM $wpdb->comments
WHERE user_id = %d
AND comment_approved = '1'
",
$args['user_ID'] // %d
)
The second one should be similar:
$wpdb->prepare(
"
SELECT COUNT(*)
FROM $wpdb->posts
WHERE post_author = %d
AND post_status = 'publish'
AND post_type = 'post'
",
$args['user_ID'] // %d
)
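An added example, not part of the original answer and not WordPress code: it runs the question's concatenated query and the answer's `%d` query against the same non-integer value to show why `prepare()` only protects values passed as arguments. `demo_prepare()` is a simplified stand-in for `wpdb::prepare()`, and the `wp_comments` table name and the sample `user_ID` value are assumptions made for the demo.

```php
<?php
// Simplified stand-in for wpdb::prepare(); an assumption for this demo, not
// WordPress code. It models the two things that matter here: %s placeholders
// are quoted and escaped, and vsprintf() forces every %d argument to an integer.
function demo_prepare(string $query, ...$args): string
{
    $query = str_replace('%s', "'%s'", $query);
    $args  = array_map(fn($a) => is_string($a) ? addslashes($a) : $a, $args);
    return vsprintf($query, $args);
}

// Pattern from the question: the value is already part of the SQL text before
// prepare() sees it, so prepare() has no argument left to sanitize.
function count_query_concatenated(array $args): string
{
    return demo_prepare(
        "SELECT COUNT(*) FROM wp_comments
         WHERE user_id = " . $args['user_ID'] . "
         AND comment_approved = '1'"
    );
}

// Pattern from the answer: %d in the query, the value as the second argument.
function count_query_prepared(array $args): string
{
    return demo_prepare(
        "SELECT COUNT(*) FROM wp_comments
         WHERE user_id = %d
         AND comment_approved = '1'",
        $args['user_ID']
    );
}

// Constructed input: a user_ID that is not a plain integer.
$args = ['user_ID' => '7 OR 1=1'];

echo "Concatenated:\n", count_query_concatenated($args), "\n\n";
echo "Placeholder:\n", count_query_prepared($args), "\n";
```

Run with the PHP CLI (7.4 or later), the first query printed still carries `OR 1=1` in its WHERE clause, while the second is reduced to `user_id = 7`.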
All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.