Since wordpress 3.5, WordPress has modified the wpdb::prepare () method, and the second parameter of wpdb::prepare () must be filled in! If it doesn’t pass, it will report an error:
Warning: Missing argument 2 for wpdb::prepare(), called in xxx.php on line 75 and defined in /www/wp-includes/wp-db.php on line 990
The second parameter of wpdb::prepare ()
Technically, there is nothing wrong with WordPress to modify prepare in this way, because it is a method used to assemble SQL statements. According to common sense, there must be a string with variables as the first parameter and the second parameter as the variable, which is to avoid the security problems caused by SQL injection. However, WordPress allowed the writing method of ignoring the second parameter from version 2.2 or earlier, and now it suddenly makes the second parameter mandatory, which will inevitably lead to many themes and plug-ins not being used normally.
solution
Before updating the theme, I’ll talk about the solution here, so that users can solve it themselves first. I believe there are other themes or plug-ins that may have similar problems, and I hope it will help you.
I’ll give you a centralized solution:
1. Out of sight, out of mind;
This is the easiest way to block this warning message. Fill in the following code in wp-config.php under your blog, and modify it to the following if it already exists.
@ini_set(‘display_errors’, 0);
We directly block the error prompt, but the consequence is that the error still exists, but we just don’t prompt it! Unsafe is not recommended, but it can be used temporarily.
2. Simple solution to the error prompt
We need to locate the files and codes that have problems first. PHP’s code error reporting is very accurate. Open the file in the error reporting reminder (the previous file, not wp-db.php) and find the code.
$wpdb->prepare
. Add an empty string as the second parameter for this method, such as:
$wpdb->prepare(‘xxx’);
instead
$wpdb->prepare(‘xxx’, ”);
Just do it.
But this is also a temporary solution, not a permanent cure, but a wrong response.
3. Completely fix the problem
As mentioned above, the second parameter is needed, but the second method gives the second parameter, but it doesn’t give a solution because of it.
Problem code:
$wpdb->prepare( “SELECT * FROM table WHERE id = $id” );
The solved code:
$wpdb->prepare( “SELECT * FROM table WHERE id = %d”, $id );
Add the second parameter to pass the value, and use prepare just to make SQL more secure. So if you encounter this problem, you might as well try the above method. If there are many parameters in your SQL, you can write it like the following.
$wpdb->prepare( “SELECT * FROM table WHERE ID = %d AND name = %s”, $id, $name );
OK! Everything is settled! The world is clean!
summary
WordPress keeps iterating over versions. Some methods have been replaced, and some methods have been abandoned. Although they can still be used, they are inevitably unsafe. I hope everyone will check whether the theme is out of date every time they upgrade the big version! Otherwise, it is still a hidden danger!