• WP 3.8, PHP5.3, Jigoshop1.8

    wpdb->prepare() throws a warning when no parameters are passed, since this could signal a security issue.

    jigoshop_options_class.php throws this Warning at Line 188

    Original code:

    $options_in_use = $wpdb->get_results(
       $wpdb->prepare( "SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';" ));

    Note that there is nothing to “prepare” here – the SQL requires no substitutions. So, the prepare() call has no effect. Thus, the following is simpler and does not generate any warnings:

    $options_in_use = $wpdb->get_results("SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop_%%';");

    This is NOT a security issue, but since this warning CAN indicate a security issue, it would be nice to get rid of it.

    For more info about the issue in general, see https://make.www.ads-software.com/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/

    As always – thanks! Jigoshop ROCKS!

    https://www.ads-software.com/plugins/jigoshop/
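
For contrast with the constant query in the post, this is the case where `prepare()` is needed: the LIKE prefix comes from a variable. This is an added example, not code from the original post or from Jigoshop; the function names are hypothetical, and it assumes it runs inside WordPress 4.0 or later, where `$wpdb->esc_like()` is available.

```php
<?php
// Added example (not Jigoshop code). Assumes WordPress is loaded, so the
// global $wpdb object exists, and WordPress >= 4.0 for $wpdb->esc_like().

/**
 * Constant query: nothing is substituted, so prepare() is not called.
 * The underscore is escaped because "_" is a single-character wildcard
 * in LIKE, and a single "%" is used because no prepare() pass will
 * collapse "%%" into "%".
 */
function example_get_jigoshop_options() {
    global $wpdb;

    return $wpdb->get_results(
        "SELECT * FROM {$wpdb->options} WHERE option_name LIKE 'jigoshop\\_%'"
    );
}

/**
 * Variable prefix: the value is passed through a %s placeholder.
 * esc_like() neutralises "%", "_" and "\" inside the value so they match
 * literally; the trailing "%" wildcard is appended afterwards, and
 * prepare() then quotes and escapes the whole pattern for SQL.
 *
 * $prefix is a hypothetical parameter, e.g. a value taken from a request.
 */
function example_get_options_by_prefix( $prefix ) {
    global $wpdb;

    $pattern = $wpdb->esc_like( $prefix ) . '%';

    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->options} WHERE option_name LIKE %s",
            $pattern
        )
    );
}

// Usage inside a plugin:
//   $fixed    = example_get_jigoshop_options();
//   $dynamic  = example_get_options_by_prefix( 'jigoshop_' );
```

The `{$wpdb->options}` table name is interpolated in both functions because it comes from WordPress itself and cannot be bound through a placeholder.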
