Missing argument 2 for wpdb::prepare()

  • Resolved Alpesh

    (@alpesh_p2010)


    7 years ago

    I have installed the plugin and navigated to the Stats tab and saw this PHP warning –

    “/home1/user/public_html/site/wp-content/plugins/optimum-gravatar-cache/optimum-gravatar-cache.php on line 1063 and defined in /home1/user/public_html/site/wp-includes/wp-db.php on line 1292”

    After doing a quick Google search, I have found the below article which clearly states that the used SQL query is vulnerable to SQL injection. The error occurs in 1063, 1066 and 1069 lines. Kindly update the SQL queries and release the new update.

    PHP Warning: Missing argument 2 for wpdb::prepare()

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Alpesh

    (@alpesh_p2010)

    Fixed the issue by replacing the code on Line 1063,1066 and 1069 as below:

    1063: $sql = $wpdb->prepare(“SELECT count(%d) as num FROM{$this->cacheTableName}“,$id);

    1066: $sql = $wpdb->prepare(“SELECT count( DISTINCT(%s) ) as num FROM {$this->cacheTableName} WHERE def=’1′ “,$hash);

    1069: $sql = $wpdb->prepare(“SELECT count( DISTINCT(%s) ) as num FROM {$this->cacheTableName} WHERE def=’0′ “,$hash);

    I assume that the above code is effective and reliable. If not correct me.

    • This reply was modified 7 years ago by Alpesh.
    Plugin Author José Miguel

    (@jomisica)

    Sorry, I could not see it sooner. You’re right really was meaningless and wrong. However as the data is static I removed the prepare. Thanks however for bothering to use the plugin. And if I can improve any aspect I will do so! Thank you!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Missing argument 2 for wpdb::prepare()’ is closed to new replies.