From a46d83aea37c99a5f59fa11931076ef18f953c11 Mon Sep 17 00:00:00 2001 From: Allen Snook Date: Fri, 19 Oct 2018 15:48:38 -0700 Subject: [PATCH] Rewrite the queries a bit to leverage prepare when possible --- .../class-wc-admin-notes-data-store.php | 27 +++++++------------ 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/plugins/woocommerce-admin/includes/data-stores/class-wc-admin-notes-data-store.php b/plugins/woocommerce-admin/includes/data-stores/class-wc-admin-notes-data-store.php index aee69ac1fa9..3e3779717ea 100644 --- a/plugins/woocommerce-admin/includes/data-stores/class-wc-admin-notes-data-store.php +++ b/plugins/woocommerce-admin/includes/data-stores/class-wc-admin-notes-data-store.php @@ -205,13 +205,6 @@ class WC_Admin_Notes_Data_Store extends WC_Data_Store_WP implements WC_Object_Da public function get_notes( $args = array() ) { global $wpdb; - // Build the query. - $query = " - SELECT note_id, title, content - FROM {$wpdb->prefix}woocommerce_admin_notes - ORDER BY note_id DESC - "; - $per_page = isset( $args['per_page'] ) ? intval( $args['per_page'] ) : 10; if ( $per_page <= 0 ) { $per_page = 10; @@ -225,7 +218,13 @@ class WC_Admin_Notes_Data_Store extends WC_Data_Store_WP implements WC_Object_Da $offset = $per_page * ( $page - 1 ); $pagination = sprintf( ' LIMIT %d, %d', $offset, $per_page ); - return $wpdb->get_results( $query . $pagination ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared + return $wpdb->get_results( + $wpdb->prepare( + "SELECT note_id, title, content FROM {$wpdb->prefix}woocommerce_admin_notes ORDER BY note_id DESC LIMIT %d, %d", + $offset, + $per_page + ) + ); } /** 
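Review bot: After this change `$pagination` on the line above the return is computed but never used, because the new `$wpdb->prepare()` call binds `$offset` and `$per_page` directly; drop `$pagination = sprintf( ' LIMIT %d, %d', $offset, $per_page );` so the dead string is not mistaken for something that still reaches the query. The `%d` placeholders are the right fix for the LIMIT clause, and `$per_page` is already an integer from `intval()` in the earlier hunk. Only the `<= 0` case is rejected there, so a caller can still request an arbitrarily large page size; if `$args` is populated from a request, a cap such as `$per_page = min( $per_page, 100 );` is worth considering. The body of get_notes starts before this hunk.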
@@ -235,14 +234,8 @@ class WC_Admin_Notes_Data_Store extends WC_Data_Store_WP implements WC_Object_Da
 	 */
 	public function get_notes_count() {
 		global $wpdb;
-
-		// Build the query.
-		$query = "
-			SELECT COUNT(*)
-			FROM {$wpdb->prefix}woocommerce_admin_notes
-		";
-
-		return $wpdb->get_var( $query ); // phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared
+		// phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared
+		return $wpdb->get_var( "SELECT COUNT(*) FROM {$wpdb->prefix}woocommerce_admin_notes" );
 	}
 
 	/**
@@ -255,7 +248,7 @@ class WC_Admin_Notes_Data_Store extends WC_Data_Store_WP implements WC_Object_Da
 		global $wpdb;
 		return $wpdb->get_col(
 			$wpdb->prepare(
-				"SELECT note_id FROM {$wpdb->prefix}woocommerce_admin_notes WHERE name = %s ORDER BY note_id ASC;",
+				"SELECT note_id FROM {$wpdb->prefix}woocommerce_admin_notes WHERE name = %s ORDER BY note_id ASC",
 				$name
 			)
 		);
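Review bot: The `// phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared` that now sits above the unprepared `get_var()` call in get_notes_count gives no reason, so the next reader has to re-derive why skipping `$wpdb->prepare()` is acceptable here. The only interpolated value is `$wpdb->prefix`, not caller input, which is exactly the justification worth recording; suggest `// phpcs:ignore WordPress.WP.PreparedSQL.NotPrepared -- no placeholders; only $wpdb->prefix is interpolated, never caller input.` Keeping the reason next to the suppression also makes it obvious that any WHERE clause added to this query later must go back through `$wpdb->prepare()`, as the other queries in this patch do.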