PHP esc_sql函数代码示例

 private function _activateMail()
 {
     global $guiform, $wpdb;
     $mv_code = esc_sql(trim($_GET['mv-code']));
     $id = $_REQUEST[$guiform->getOption('permalink')->value['value']];
     $data = $wpdb->get_row($wpdb->prepare("SELECT name, value FROM {$wpdb->guiform_options} WHERE id = %d", $id));
     $row = unserialize($data->value);
     if ($row['key'] == $mv_code) {
         $row['key'] = '';
         $row['status'] = 1;
         $guiform->updateOption($data->name, $row, 'mail', $id);
         $blog_id = get_current_blog_id();
         $path = "admin.php?page=guiform-settings&tab=mail";
         $path = get_admin_url($blog_id, $path);
         $html = "<strong>Congratulations!</strong><br /><br />\n\t\t\t\t\t\t\tYou can now use " . $data->name . " for sending confirmation message with your form.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$path}\">Click here to continue.</a><br /><br />";
         echo GuiForm_Module_Ajax::emailTpl($html);
     } else {
         $blog_id = get_current_blog_id();
         $path = "admin.php?page=guiform-settings&tab=mail";
         $path = get_admin_url($blog_id, $path);
         $html = "<strong>Invalid Code!</strong><br /><br />\n\t\t\t\t\t\t\tYou entered invalid email verification code. Please check your email or send a new verification code request.<br /><br />\n\t\t\t\t\t\t\t<a href=\"{$path}\">Click here to continue.</a><br /><br />";
         echo GuiForm_Module_Ajax::emailTpl($html);
     }
     die;
 }

function pmpro_upgrade_1_8_6_9_ajax()
{
    global $wpdb;
    //keeping track of which order we're working on
    $last_order_id = get_option('pmpro_upgrade_1_8_6_9_last_order_id', 0);
    //get orders
    $orders = $wpdb->get_results("SELECT id, user_id, membership_id, subscription_transaction_id FROM {$wpdb->pmpro_membership_orders} WHERE id > {$last_order_id} AND gateway = 'stripe' AND subscription_transaction_id LIKE 'cus_%' ORDER BY id LIMIT 100");
    if (empty($orders)) {
        //done with this update
        pmpro_removeUpdate('pmpro_upgrade_1_8_6_9_ajax');
        delete_option('pmpro_upgrade_1_8_6_9_last_order_id');
    } else {
        $subids = array();
        //cache of subids found
        foreach ($orders as $order) {
            $last_order_id = $order->id;
            //keeping track of the last order we processed
            if (!empty($subids[$order->subscription_transaction_id])) {
                $wpdb->query("UPDATE {$wpdb->pmpro_membership_orders} SET subscription_transaction_id = '" . esc_sql($subids[$order->subscription_transaction_id]) . "' WHERE id = '" . $order->id . "' LIMIT 1");
            } elseif (isset($subids[$order->subscription_transaction_id])) {
                //no sub id found, so let it go
            } else {
                //need to look for a sub id in the database
                $subid = $wpdb->get_var("SELECT subscription_transaction_id FROM {$wpdb->pmpro_membership_orders} WHERE membership_id = '" . $order->membership_id . "' AND user_id = '" . $order->user_id . "' AND subscription_transaction_id LIKE 'sub_%' LIMIT 1");
                $subids[$order->subscription_transaction_id] = $subid;
                if (!empty($subid)) {
                    $wpdb->query("UPDATE {$wpdb->pmpro_membership_orders} SET subscription_transaction_id = '" . esc_sql($subid) . "' WHERE id = '" . $order->id . "' LIMIT 1");
                } else {
                    //no sub id found, so let it go
                }
            }
        }
        update_option('pmpro_upgrade_1_8_6_9_last_order_id', $last_order_id);
    }
}

 /**
  * Delete meta keys
  *
  * @global type $wpdb
  * @param type $keys
  * @param type $post_id
  * @return type
  */
 static function delete_meta_key($keys, $post_id = null)
 {
     if (empty($keys) || !count($keys)) {
         return false;
     }
     global $wpdb;
     $extra = !empty($post_id) ? 'post_id = ' . esc_sql($post_id) . ' AND' : '';
     $sql = "DELETE FROM {$wpdb->postmeta} WHERE {$extra} meta_key IN (" . implode(', ', array_fill(0, count($keys), '%s')) . ")";
     // Call $wpdb->prepare passing the values of the array as separate arguments
     $query = call_user_func_array(array($wpdb, 'prepare'), array_merge(array($sql), $keys));
     $wpdb->query($query);
     // del all blog
     if (is_network_admin()) {
         // get list id blog all
         $list_prefix_musite = $wpdb->get_results("SELECT blog_id FROM {$wpdb->blogs}", ARRAY_A);
         if ($list_prefix_musite && count($list_prefix_musite) > 1) {
             foreach ($list_prefix_musite as $key => $value) {
                 if ($value['blog_id'] == 1) {
                     continue;
                 }
                 $prefix = $wpdb->prefix . $value['blog_id'] . '_';
                 $sql = "DELETE FROM {$prefix}postmeta WHERE {$extra} meta_key IN (" . implode(', ', array_fill(0, count($keys), '%s')) . ")";
                 // Call $wpdb->prepare passing the values of the array as separate arguments
                 $query = call_user_func_array(array($wpdb, 'prepare'), array_merge(array($sql), $keys));
                 $wpdb->query($query);
             }
         }
     }
 }

 public function prepare_items()
 {
     global $wpdb;
     $per_page = 10;
     $this->_column_headers = array($this->get_columns(), $this->get_hidden_columns(), $this->get_sortable_columns());
     // Строим запрос
     // where ----
     $where = 'WHERE 1';
     if ($s = @$_GET['s']) {
         $like = '%' . $wpdb->esc_like($s) . '%';
         $where .= $wpdb->prepare(" AND ( question LIKE %s OR id IN (SELECT qid from {$wpdb->democracy_a} WHERE answer LIKE %s) ) ", $like, $like);
         //die( $where );
     }
     // пагинация
     $this->set_pagination_args(array('total_items' => $wpdb->get_var("SELECT count(*) FROM {$wpdb->democracy_q} {$where}"), 'per_page' => $per_page));
     $cur_page = (int) $this->get_pagenum();
     // после set_pagination_args()
     // orderby offset
     $OFFSET = 'LIMIT ' . (($cur_page - 1) * $per_page . ',' . $per_page);
     $order = @$_GET['order'] == 'asc' ? 'ASC' : 'DESC';
     $orderby = @$_GET['orderby'] ?: 'id';
     $ORDER_BY = sprintf("ORDER BY %s %s", esc_sql($orderby), $order);
     // выполняем запрос
     $sql = "SELECT * FROM {$wpdb->democracy_q} {$where} {$ORDER_BY} {$OFFSET}";
     $this->items = $wpdb->get_results($sql);
 }

function sf_acf_check_args_for_checkboxes($args)
{
    if (!isset($args['meta_query'])) {
        return $args;
    }
    $acf_fields = array();
    foreach ($args['meta_query'] as $key => $val) {
        $is_checkbox = sf_acf_is_checkbox(array('add_this' => false, 'meta_key' => $val['key']));
        if ($is_checkbox['add_this']) {
            $acf_fields[] = $val;
            unset($args['meta_query'][$key]);
        }
    }
    $where_meta = array();
    foreach ($acf_fields as $field) {
        if (!is_array($field['value'])) {
            $where_meta[$field['key']][] = 's:' . strlen($field['value']) . ':"' . $field['value'] . '";';
        } else {
            foreach ($field['value'] as $fv) {
                $where_meta[$field['key']][] = 's:' . strlen($fv) . ':"' . esc_sql(like_escape($fv)) . '";';
            }
        }
    }
    if (count($where_meta) > 0) {
        add_filter('posts_join_paged', 'sf_acf_checkbox_filter_join', 10, 2);
        add_filter('posts_where', 'sf_acf_checkbox_filter_where', 10, 2);
        add_filter('posts_groupby', 'sf_groupby');
        $args['sf-acfcheckbox-meta'] = $where_meta;
    }
    return $args;
}

 protected function __format_search()
 {
     $this->s_query = explode("-", $this->options['s_query']);
     $this->s_query = implode(" ", $this->s_query);
     $this->s_query = '%' . like_escape(esc_sql($this->s_query)) . '%';
     // Thanks Manny Fleurmond
 }

 function get_links($args)
 {
     global $wpdb;
     $where = '';
     extract($args);
     if (!empty($filter_links)) {
         $where .= " AND (link_name LIKE '%" . esc_sql($filter_links) . "%' OR link_url LIKE '%" . esc_sql($filter_links) . "%')";
     }
     $linkcats = $this->getLinkCats();
     $sql_query = "{$wpdb->links} WHERE 1=1 " . $where;
     $links_total = $wpdb->get_results("SELECT count(*) as total_links FROM " . $sql_query);
     $total = $links_total[0]->total_links;
     $query_links = $wpdb->get_results("SELECT link_id, link_url, link_name, link_target, link_visible, link_rating, link_rel FROM " . $sql_query . " ORDER BY link_name ASC LIMIT 500");
     $links = array();
     foreach ($query_links as $link_info) {
         $link_cat = $linkcats[$link_info->link_id];
         $cats = array();
         if (!empty($link_cat)) {
             foreach ($link_cat as $catkey => $catval) {
                 $cats[] = $catval;
             }
         }
         $links[$link_info->link_id] = array("link_url" => $link_info->link_url, "link_name" => $link_info->link_name, "link_target" => $link_info->link_target, "link_visible" => $link_info->link_visible, "link_rating" => $link_info->link_rating, "link_rel" => $link_info->link_rel, "link_cats" => $cats);
     }
     return array('links' => $links, 'total' => $total);
 }

 /**
  * Upload
  * Ajax callback function
  *
  * @return string Error or (XML-)response
  */
 static function handle_upload()
 {
     global $wpdb;
     $post_id = is_numeric($_REQUEST['post_id']) ? $_REQUEST['post_id'] : 0;
     $field_id = isset($_REQUEST['field_id']) ? $_REQUEST['field_id'] : '';
     check_ajax_referer("rwmb-upload-images_{$field_id}");
     // You can use WP's wp_handle_upload() function:
     $file = $_FILES['async-upload'];
     $file_attr = wp_handle_upload($file, array('test_form' => false));
     //Get next menu_order
     $meta = get_post_meta($post_id, $field_id, false);
     if (empty($meta)) {
         $next = 0;
     } else {
         $meta = esc_sql(implode(',', (array) $meta));
         $max = $wpdb->get_var("\n\t\t\t\t\tSELECT MAX(menu_order) FROM {$wpdb->posts}\n\t\t\t\t\tWHERE post_type = 'attachment'\n\t\t\t\t\tAND ID in ({$meta})\n\t\t\t\t");
         $next = is_numeric($max) ? (int) $max + 1 : 0;
     }
     $attachment = array('guid' => $file_attr['url'], 'post_mime_type' => $file_attr['type'], 'post_title' => preg_replace('/\\.[^.]+$/', '', basename($file['name'])), 'post_content' => '', 'post_status' => 'inherit', 'menu_order' => $next);
     // Adds file as attachment to WordPress
     $id = wp_insert_attachment($attachment, $file_attr['file'], $post_id);
     if (!is_wp_error($id)) {
         wp_update_attachment_metadata($id, wp_generate_attachment_metadata($id, $file_attr['file']));
         // Save file ID in meta field
         add_post_meta($post_id, $field_id, $id, false);
         wp_send_json_success(self::img_html($id));
     }
     exit;
 }

function do_acps_install()
{
    //Setup default options
    acps_default_options();
    //Try to create new page for results
    acps_create_page(esc_sql(_x('advanced-search', 'page_slug', 'acps')), 'acps_options', __('Advanced Search', 'acps'), '[acps_results]');
}

function query_modify($obj)
{
    global $args;
    global $db_prefix;
    $obj['where'] = " AND ( ( " . $db_prefix . "postmeta.meta_key LIKE 'content_areas_%_body_content' AND " . $db_prefix . "posts.post_type = 'page' AND CAST(" . $db_prefix . "postmeta.meta_value AS CHAR) LIKE '%" . esc_sql($args['s']) . "%' ) AND ( mt1.meta_key = '_wp_page_template' AND CAST(mt1.meta_value AS CHAR) = 'general-interior.php' ) ) OR (((" . $db_prefix . "posts.post_title LIKE '%" . esc_sql($args['s']) . "%') OR (" . $db_prefix . "posts.post_content LIKE '%" . esc_sql($args['s']) . "%')) AND " . $db_prefix . "posts.post_type IN ('post', 'team', 'projects')) AND ((" . $db_prefix . "posts.post_status = 'publish')) ";
    return $obj;
}

 function prepare_items()
 {
     global $wpdb;
     $this->process_bulk_action();
     $query = "SELECT * FROM " . $wpdb->prefix . "swpm_membership_tbl WHERE  id !=1 ";
     if (isset($_POST['s'])) {
         $query .= " AND alias LIKE '%" . strip_tags($_POST['s']) . "%' ";
     }
     $orderby = !empty($_GET["orderby"]) ? esc_sql($_GET["orderby"]) : 'id';
     $order = !empty($_GET["order"]) ? esc_sql($_GET["order"]) : 'DESC';
     $sortable_columns = $this->get_sortable_columns();
     $orderby = SwpmUtils::sanitize_value_by_array($orderby, $sortable_columns);
     $order = SwpmUtils::sanitize_value_by_array($order, array('DESC' => '1', 'ASC' => '1'));
     if (!empty($orderby) && !empty($order)) {
         $query .= ' ORDER BY ' . $orderby . ' ' . $order;
     }
     $totalitems = $wpdb->query($query);
     //return the total number of affected rows
     $perpage = 20;
     $paged = !empty($_GET["paged"]) ? esc_sql($_GET["paged"]) : '';
     if (empty($paged) || !is_numeric($paged) || $paged <= 0) {
         $paged = 1;
     }
     $totalpages = ceil($totalitems / $perpage);
     if (!empty($paged) && !empty($perpage)) {
         $offset = ($paged - 1) * $perpage;
         $query .= ' LIMIT ' . (int) $offset . ',' . (int) $perpage;
     }
     $this->set_pagination_args(array("total_items" => $totalitems, "total_pages" => $totalpages, "per_page" => $perpage));
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);
     $this->items = $wpdb->get_results($query, ARRAY_A);
 }

 /**
  * Searches the database for a plugin
  * 
  * @param 	string 	$id 	The slug of the plugin
  *
  * @return 	object 			The results from the database
  **/
 public static function find($id)
 {
     $id = esc_sql($id);
     $self = new static();
     $query = $self->builder->where('id', '=', $id);
     return $query->first();
 }

 function prepare_items()
 {
     $all_categories = array();
     $all_cat_ids = get_categories(array('hide_empty' => '0'));
     $totalitems = count($all_cat_ids);
     $perpage = 100;
     $paged = !empty($_GET["paged"]) ? esc_sql($_GET["paged"]) : '';
     if (empty($paged) || !is_numeric($paged) || $paged <= 0) {
         $paged = 1;
     }
     $totalpages = ceil($totalitems / $perpage);
     $offset = 0;
     if (!empty($paged) && !empty($perpage)) {
         $offset = ($paged - 1) * $perpage;
     }
     for ($i = $offset; $i < (int) $offset + (int) $perpage && !empty($all_cat_ids[$i]); $i++) {
         $all_categories[] = $all_cat_ids[$i];
     }
     $this->set_pagination_args(array("total_items" => $totalitems, "total_pages" => $totalpages, "per_page" => $perpage));
     $columns = $this->get_columns();
     $hidden = array();
     $sortable = $this->get_sortable_columns();
     $this->_column_headers = array($columns, $hidden, $sortable);
     $this->items = $all_categories;
 }

 public function appendConditionSomethingIn($heystack, $needles, $glue = 'AND', $not_in = false)
 {
     force_array($needles);
     $n_needles = count($needles);
     if ($n_needles === 1) {
         $symbol = $not_in ? '!=' : '=';
         $this->appendCondition(sprintf("{$heystack} {$symbol} '%s'", esc_sql($needles[0])), $glue);
         return $this;
     }
     $values = '';
     for ($i = 0; $i < $n_needles; $i++) {
         if ($i != 0) {
             $values .= ', ';
         }
         $values .= single_quotes(esc_sql($needles[$i]));
     }
     if ($values !== '') {
         if ($not_in) {
             $this->appendCondition("{$heystack} NOT IN ({$values})", $glue);
         } else {
             $this->appendCondition("{$heystack} IN ({$values})", $glue);
         }
     }
     return $this;
 }

 /**
  * Create pages that the plugin relies on, storing page id's in variables.
  *
  * @access public
  * @return void
  */
 function wcmp_product_vendor_plugin_create_pages()
 {
     global $WCMp;
     // Dc_demo_plugins test page
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_dashboard', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_vendor_dashboard_page_id', __('Vendor Dashboard', $WCMp->text_domain), '[vendor_dashboard]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_shop_settings', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_shop_settings_page_id', __('Shop Settings', $WCMp->text_domain), '[shop_settings]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_orders', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_vendor_orders_page_id', __('Vendor Orders', $WCMp->text_domain), '[vendor_orders]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_order_detail', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_vendor_order_detail_page_id', __('Vendor Order Details', $WCMp->text_domain), '[vendor_order_detail]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_withdrawal_request', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_transaction_widthdrawal_page_id', __('Withdrawal Request Status', $WCMp->text_domain), '[transaction_thankyou]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_transaction_details', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_transaction_details_page_id', __('Transaction Details', $WCMp->text_domain), '[transaction_details]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_policies', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_policies_page_id', __('Vendor Policies', $WCMp->text_domain), '[vendor_policies]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_billing', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_billing_page_id', __('Vendor Billing', $WCMp->text_domain), '[vendor_billing]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_shipping', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_shipping_page_id', __('Vendor Shipping', $WCMp->text_domain), '[vendor_shipping_settings]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_report', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_report_page_id', __('Vendor Reports', $WCMp->text_domain), '[vendor_report]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_widthdrawals', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_widthdrawals_page_id', __('Vendor Widthdrawals', $WCMp->text_domain), '[vendor_widthdrawals]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_university', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_university_page_id', __('Vendor University', $WCMp->text_domain), '[vendor_university]');
     $this->wcmp_product_vendor_plugin_create_page(esc_sql(_x('wcmp_vendor_messages', 'page_slug', $WCMp->text_domain)), 'wcmp_product_vendor_messages_page_id', __('Vendor Messages', $WCMp->text_domain), '[vendor_messages]');
     $array_pages = array();
     $array_pages['vendor_dashboard'] = get_option('wcmp_product_vendor_vendor_dashboard_page_id');
     $array_pages['shop_settings'] = get_option('wcmp_product_vendor_shop_settings_page_id');
     $array_pages['view_order'] = get_option('wcmp_product_vendor_vendor_orders_page_id');
     $array_pages['vendor_order_detail'] = get_option('wcmp_product_vendor_vendor_order_detail_page_id');
     $array_pages['vendor_transaction_thankyou'] = get_option('wcmp_product_vendor_transaction_widthdrawal_page_id');
     $array_pages['vendor_transaction_detail'] = get_option('wcmp_product_vendor_transaction_details_page_id');
     $array_pages['vendor_policies'] = get_option('wcmp_product_vendor_policies_page_id');
     $array_pages['vendor_billing'] = get_option('wcmp_product_vendor_billing_page_id');
     $array_pages['vendor_shipping'] = get_option('wcmp_product_vendor_shipping_page_id');
     $array_pages['vendor_report'] = get_option('wcmp_product_vendor_report_page_id');
     $array_pages['vendor_widthdrawals'] = get_option('wcmp_product_vendor_widthdrawals_page_id');
     $array_pages['vendor_university'] = get_option('wcmp_product_vendor_university_page_id');
     $array_pages['vendor_messages'] = get_option('wcmp_product_vendor_messages_page_id');
     update_option('wcmp_pages_settings_name', $array_pages);
 }