Jump to content


Photo

WordPress plugin I had help writing broken with a recent WP update...


  • Please log in to reply
10 replies to this topic

#1 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 27 January 2013 - 10:50 PM


Let me start by saying, I'm not sure how long this plugin hasn't worked. It's been a few months since I've paid attention to it, but it was never deactivated, so I'm thinking since upgrading to 3.4 or 3.5 because it was November when I noticed it broken. I'm just now getting around to needing it, but I can't locate who helped me write this.

The gist of it is when a Post is posted it pushes the tag/term, which I only use for the names of basketball players, to one of my custom data tables. From that table, I get information to be viewed on the player's Tag archive page above the posts about the player.

Now, when I post, I get the following error messages:


Warning: Missing argument 2 for wpdb::prepare(), called in /home/jwrbloom/public_html/wp-content/plugins/save-on-post/save-on-post.php on line 69 and defined in /home/jwrbloom/public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /home/jwrbloom/public_html/wp-content/plugins/save-on-post/save-on-post.php on line 69 and defined in /home/jwrbloom/public_html/wp-includes/wp-db.php on line 990
Warning: Missing argument 2 for wpdb::prepare(), called in /home/jwrbloom/public_html/wp-content/plugins/save-on-post/save-on-post.php on line 69 and defined in /home/jwrbloom/public_html/wp-includes/wp-db.php on line 990
Warning: Cannot modify header information - headers already sent by (output started at /home/jwrbloom/public_html/wp-includes/wp-db.php:990) in /home/jwrbloom/public_html/wp-includes/pluggable.php on line 876


It still posts the Post, but it doesn't push the tag/term to the data table as I need it. It also just sticks on the otherwise blank page, so I have to go back or hit my Dashboard bookmark.

I've made no changes to the code below. I started writing it and received a lot of help on it. The guy who helped me thought through the autosave, as well as my inability to make it work through an array of tags/terms. The functions being referenced in the error messages, I really can't make much of them, so I'd rather not try without getting help.


[color=#333333][font=sans-serif][size=3]
/*
Plugin Name: Save with post
Plugin URI: 
Description: Updates a secondary table in the database when a post is saved.
Version: 0.1
*/[/size][/font][/color]


// Your custom table name
define('S_DB','a_playerRank');


add_action('save_post', '__and_upd_other');
add_action('edit_post', '__and_upd_other');


function __and_upd_other( $post_id ) {
global $wpdb;


if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) return $post_id;
if ( 'page' == $_POST['post_type'] ) {
  if ( !current_user_can( 'edit_page', $post_id ) ) return $post_id;
} 
else {
  if ( !current_user_can( 'edit_post', $post_id ) ) return $post_id;
}
$post_tag = ($_POST['tax_input']['post_tag']) ? $_POST['tax_input']['post_tag'] : '';

if('' != $post_tag) :

  $post_tag = explode(',',$post_tag);
 
  $ptc = 0;
  // Build string of OR matches for the query
  foreach($post_tag as $tag) {
   $ptc++;
   if($ptc == 1) { $tt = "terms.name = '$tag'"; } 
   else { $tt .= " OR terms.name = '$tag'"; }
  }
  // Get the tag ids and slugs for the saved post
  $tags = $wpdb->get_results("
   SELECT terms.term_id, terms.slug 
   FROM $wpdb->terms as terms
    JOIN $wpdb->term_taxonomy as tax ON tax.term_id = terms.term_id
    JOIN $wpdb->term_relationships as rel ON rel.term_taxonomy_id = tax.term_taxonomy_id
   WHERE rel.object_id = '$post_id'
   AND tax.taxonomy = 'post_tag'
   AND $tt
  ", ARRAY_A);
 
  // Create 2 empty strings
  $mstr = $lstr = '';
 
  // Build a case string for the next query
  foreach($tags as $t => $tag) {
   $mstr .= "when '$tag[slug]' then '$tag[term_id]' ";
   $lstr .= "'$tag[slug]',";
  }
  // Unset unused data
  unset($tags);
 
  // Remove the last comma off the second string
  $lstr = substr($lstr,0,-1);
 
  // Create the a nifty query to do multiple updates in one query
  $wpdb->query( $wpdb->prepare("
   UPDATE ".S_DB."
   SET ".S_DB.".wpID = case wpSlug
   $mstr end
   WHERE ".S_DB.".wpSlug in($lstr)"));
endif;
return;
}


#2 trq

trq

    Advanced Member

  • Administrators
  • 30,992 posts
  • LocationSydney, Australia.

Posted 27 January 2013 - 11:22 PM

Have you looked at the documentation for the prepare method? It looks similar to sprintf, and it looks like your code is not using it properly.

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#3 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 27 January 2013 - 11:31 PM

A little, but can't make heads or tails of it. As I have dug some more, it's definitely a WP 3.5 issue, and here is what someone posted on WP's forum about his solution:



The theme file (mentioned in the error) was using $wpdb->prepare in insecure manner. Changing following did the trick. The warning was earlier being issued by wordpress since it now wants developers to parse variables securely instead of directly parsing in the statement. So another argument is a must in $wpdb->prepare call in such cases.

For example you can change
$wpdb->prepare( "SELECT * FROM table WHERE id = $id" );
to
$wpdb->prepare( "SELECT * FROM table WHERE id = %d", $id );

Cheers,
Tushar



I've posted on the WP forum too with **Missing argument 2 for wpdb::prepare()** in the subject line, hoping to evoke a specific response. The query causing the problem in my instance isn't a simple as WHERE id= . :happy-04:

So I'm not really sure how of to apply what's suggested to my code.

#4 trq

trq

    Advanced Member

  • Administrators
  • 30,992 posts
  • LocationSydney, Australia.

Posted 28 January 2013 - 01:58 AM

Instead of using variables directly within your query, you use placeholders. You then pass your variables in as extra arguments to prepare().

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#5 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 28 January 2013 - 06:04 AM

I sort of get what you're saying and how it applies to the example that was given:

WHERE id = $id"
to
WHERE id = %d", $id

...but I don't know how to apply that to my code.


WHERE ".S_DB.".wpSlug in($lstr)"));

#6 trq

trq

    Advanced Member

  • Administrators
  • 30,992 posts
  • LocationSydney, Australia.

Posted 28 January 2013 - 06:13 AM

WHERE ".S_DB.".wpSlug in(%s)"), $lstr);
 

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#7 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 28 January 2013 - 11:54 AM

I'm still getting the errors.

#8 trq

trq

    Advanced Member

  • Administrators
  • 30,992 posts
  • LocationSydney, Australia.

Posted 28 January 2013 - 04:11 PM

Post your current code.

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#9 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 28 January 2013 - 09:10 PM

Thanks for taking a look.



/*
Plugin Name: Save with post
Plugin URI: 
Description: Updates a secondary table in the database when a post is saved.
Version: 0.1
*/


// Your custom table name
define('S_DB','a_playerRank');


add_action('save_post', '__and_upd_other');
add_action('edit_post', '__and_upd_other');


function __and_upd_other( $post_id ) {
global $wpdb;


if ( defined('DOING_AUTOSAVE') && DOING_AUTOSAVE ) return $post_id;
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_page', $post_id ) ) return $post_id;
} 
else {
if ( !current_user_can( 'edit_post', $post_id ) ) return $post_id;
}
$post_tag = ($_POST['tax_input']['post_tag']) ? $_POST['tax_input']['post_tag'] : '';


if('' != $post_tag) :


$post_tag = explode(',',$post_tag);


$ptc = 0;
// Build string of OR matches for the query
foreach($post_tag as $tag) {
$ptc++;
if($ptc == 1) { $tt = "terms.name = '$tag'"; } 
else { $tt .= " OR terms.name = '$tag'"; }
}
// Get the tag ids and slugs for the saved post
$tags = $wpdb->get_results("
SELECT terms.term_id, terms.slug 
FROM $wpdb->terms as terms
JOIN $wpdb->term_taxonomy as tax ON tax.term_id = terms.term_id
JOIN $wpdb->term_relationships as rel ON rel.term_taxonomy_id = tax.term_taxonomy_id
WHERE rel.object_id = '$post_id'
AND tax.taxonomy = 'post_tag'
AND $tt
", ARRAY_A);


// Create 2 empty strings
$mstr = $lstr = '';


// Build a case string for the next query
foreach($tags as $t => $tag) {
$mstr .= "when '$tag[slug]' then '$tag[term_id]' ";
$lstr .= "'$tag[slug]',";
}
// Unset unused data
unset($tags);


// Remove the last comma off the second string
$lstr = substr($lstr,0,-1);


// Create the a nifty query to do multiple updates in one query
$wpdb->query( $wpdb->prepare("
UPDATE ".S_DB."
SET ".S_DB.".wpID = case wpSlug
$mstr end
WHERE ".S_DB.".wpSlug in(%s)"), $lstr);
//old line before switching due 3.5 upgrade  WHERE ".S_DB.".wpSlug in($lstr)"));
endif;
return;
}


#10 trq

trq

    Advanced Member

  • Administrators
  • 30,992 posts
  • LocationSydney, Australia.

Posted 29 January 2013 - 12:46 AM

$lstr needs to be the second argument to prepare() not query().

http://thorpesystems.com | http://proemframework.org | http://github.com/trq

SmtpCatcher - A very simple mock sendmail useful for testing PHP mail scripts.
OPM - My Linux package manager.


#11 Jim R

Jim R

    Advanced Member

  • Members
  • PipPipPip
  • 448 posts

Posted 29 January 2013 - 10:56 AM

Not really sure what that means or where it should be used. Sorry for being dense. I work with queries a lot, and mostly just Select, but rarely do I deal with variables within queries.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com