Error with WP 3.5: wpdb::prepare()

This is due to wpdb::prepare() requiring a minimum of 2 arguments as of 3.5. Plugin/theme authors should be referred to this changeset: https://core.trac.wordpress.org/changeset/22429

If you’re a user: Your site is fine. If you’re a plugin/theme author, please read: http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/ . If you’re a user, please point your plugin/theme author to that post.

I’m sorry but I’m not a developer and am having a hard time applying these fixes to this plugin. Looking at the referenced lines in the error this is what is currently there: <?php global $wpdb, $post; $checked = ''; if ($post->post_status == 'publish' && $post->post_password == '' && $post->post_type == 'post') { $res = $wpdb->get_var($wpdb->prepare("SELECT post_id FROM $wpdb->featured_posts WHERE post_id = $post_id")); if ($res) { $checked = 'checked="true"'; } else { $checked = ''; } ?> I see the wpdb->prepare argument but not sure what I need to change it to.

Replace this: $wpdb->get_var($wpdb->prepare("SELECT post_id FROM $wpdb->featured_posts WHERE post_id = $post_id")); With this: $wpdb->get_var($wpdb->prepare( "SELECT post_id FROM $wpdb->featured_posts WHERE post_id = %d", $post_id ));

That worked, but now I’m getting a new error on a new line. Code appears to be: if ($action_delete == 1) { $success = $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->featured_posts WHERE post_id = $post_id ")); } else { $success = $wpdb->insert($wpdb->featured_posts, array( 'post_id' => $post_id, 'created' => time() ), array( '%d', '%d' ) ); } I can change the one line to: $success = $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->featured_posts WHERE post_id = $d ", $post_id )); That seems to work, but I get an error of “There was some error while updating.Please try again” when unchecking featured posts, so I assume some change needs to be made to the other wpdb line.

purrdesign – It should be like this I believe: $success = $wpdb->query($wpdb->prepare("DELETE FROM $wpdb->featured_posts WHERE post_id = %d ",$post_id)); The $d needs to be a %d in order for the variable to be replaced just like Drew did otherwise your code looks correct.

How can I change this? $postids = $wpdb->get_col( $wpdb->prepare( " SELECT ID FROM $wpdb->posts WHERE post_status = 'publish' AND post_type = 'post' " ) );

Anyone can help me edit this line,please. $tax_array = $wpdb->get_results($wpdb->prepare($sql));

Can someone help with this line, generating the same error: $th_vers = $wpdb->get_var( $wpdb->prepare( "SELECT th_vers FROM $table WHERE id = 1 LIMIT 0,1" ) );

Hey everyone, I’m having the same problem… The Warning: “Warning: Missing argument 2 for wpdb::prepare(), called in /home/hubdc/hubdconline.org/wp-content/themes/brainstorm/functions/sidebars.php on line 70 and defined in /home/hubdc/hubdconline.org/wp-includes/wp-db.php on line 990” The Referenced line of code $widgetized_pages = $wpdb->get_col($wpdb->prepare(“SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = ‘jw_sidebar'”)); I’m also not a developer… any ideas??

Hi everyone! In case some people are still wondering how to change the code to properly pass 2 arguments to prepare(), here is an example: //OLD: $wpdb->prepare( "SELECT * FROM some_table WHERE ID = $id AND name = $name" ); //NEW: $wpdb->prepare( "SELECT * FROM some_table WHERE ID = %d AND name = %s", $id, $name ); %d for integers, %s for strings, %f for floats. The line of code posted by AlanCWebb would be changed the following way: //OLD $widgetized_pages = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'jw_sidebar'")); //NEW $jw_sidebar = 'jw_sidebar'; $widgetized_pages = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = %s",$jw_sidebar)); Hope, it helps someone. Regards, Alex

@alexrayan , I owe you a beer. Thanks so much!

need help here for a plugin that has no more support from author, gurus please assist.. $sql = $this->db->prepare( “SELECT * FROM {$this->popover} WHERE popover_active = 1 ORDER BY popover_order ASC” );

and.. one more syntax error.. <?php if (function_exists(‘dynamic_sidebar’) && dynamic_sidebar(‘Footer Column 1’)){};?> pls help… thanks

Hi Shadowspid! Regarding the first piece of code, you would need to move the property out of the query and into a variable before it, then pass the variable as a second argument to the function: $popover = $this->popover; $sql = $this->db->prepare( "SELECT * FROM %s WHERE popover_active = 1 ORDER BY popover_order ASC", $popover ); Regarding the second piece of code, it’s unclear what the problem is. What errors are you getting with it? Regards, Alex

Hi Alex here’s the error i got at the footer of the site: Parse error: syntax error, unexpected ‘;’ in /home/bridgest/public_html/wp-content/themes/itworx_1.3/footer.php on line 35

Hi Shadowspid, Sorry, I missed the error in the code when looking at it last time. It does have an unexpected “;” as the error states. Remove “;” from after if (function_exists('dynamic_sidebar') && dynamic_sidebar('Footer Column 1')){ } It’s not needed there. Regards, Alex

many thanks alex.. i found out that the file was hacked.

Hi there I’m experiencing a similar problem 🙁 Stuck with an error(“Missing argument 2 for wpdb::prepare()…”) for the following code: function nws_get_theme_version() { global $wpdb; $th_vers = NULL; // the table $table = is_dbtable_there(‘status’); // the sql $th_vers = $wpdb->get_var( $wpdb->prepare( “SELECT th_vers FROM $table WHERE id = 1 LIMIT 0,1” ) ); return $th_vers; } Would appreciate it if anybody could help!

Hello! Help me please! I’m experiencing a similar problem 🙁 This lines with error (Warning: Missing argument 2 for wpdb::prepare() in /home/u119588452/public_html/wp-includes/wp-db.php on line 990): foreach ($files as $key=>$file) { $ar_file_id[] = $file->ID; $ar_link[$file->ID] = & $files[$key]; } and: usort ($files,’_sort_order’); foreach ($files as $ord=>$row) { if($row->menu_order == 0) $ar_link[$row->post_parent]->files[] = $row; else $ar_link[$row->post_parent]->files[$row->menu_order] = $row; } Plugin name – Ads_Wordpress. Help me? please!!!!:'(

Hello vadim_k! Could you please post the line of code in question with prepare() function used? The lines of code that you posted don’t have that function. It’s hard to guess what errors they are outputting without errors specified. Regards, Alex

Alex, this? Warning: Missing argument 2 for wpdb::prepare(), called in /home/u119588452/public_html/wp-content/plugins/ads-wordpress/ads_admin.php on line 23 and defined in /home/u119588452/public_html/wp-includes/wp-db.php on line 990

Hi Vadim, I was trying to look for the plugin online to download it and see the code but I couldn’t find it. Please copy paste the code that is on line 23 in ads_admin.php in the plugin folder (ads-wordpress) and I’ll help you correct it. This is the line of code that needs to be changed since it’s using prepare() incorrectly (that’s what the error you posted tells us). Best regards, Alex

Hi, Alex! here the code that is on line 23: $ads_user_id = $wpdb->get_var( $wpdb->prepare( “SELECT ID FROM $wpdb->users WHERE user_login = ‘$ads_user_name'” )); But now is showing error with this text: Warning: Missing argument 2 for wpdb::prepare() in /home/u119588452/public_html/wp-includes/wp-db.php on line 990. p.s.: my English is bad, sorry, please…

Alex, link for download this plugin http://wp.od.ua/files/ads-wordpress_4.zip

Hi Vadim, Here’s what you have to change in ads_admin.php on line 23: From: $ads_user_id = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_login = '$ads_user_name'" )); To: $ads_user_id = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_login = '%s'", $ads_user_name )); Best regards, Alex

I am having the same error with the following lines: $where = $wpdb->prepare("WHERE p.post_date < '".$current_post_date."' AND p.post_type = '". $post->post_type ."' AND p.post_status = 'publish' AND p.ID != '". $post->ID ."' $posts_in_ex_cats_sql"); Is there anyone that could help me out? I am sorry, but I am not sure how to amend this myself 🙁

Now you no longer need this plugin. You can simly use : http://wordpress.org/extend/plugins/my-posts-order/

Hello guys. I have the same problem with a file…. The line is : $has_children = $wpdb->get_var($wpdb->prepare(“SELECT COUNT(meta_id) FROM $wpdb->postmeta WHERE meta_key=’_menu_item_menu_item_parent’ AND meta_value='”.$item->ID.”‘”)); Anyone ? A solution ? thanks a lot

Anyone? Please . i want to go online with the site but i’m afraid of an SQL injection…

Hi Adrian, This is how to fix the following. From: $has_children = $wpdb->get_var($wpdb->prepare("SELECT COUNT(meta_id) FROM $wpdb->postmeta WHERE meta_key='_menu_item_menu_item_parent' AND meta_value='".$item->ID."'")); To: $itemID = $item->ID; $has_children = $wpdb->get_var($wpdb->prepare("SELECT COUNT(meta_id) FROM $wpdb->postmeta WHERE meta_key='_menu_item_menu_item_parent' AND meta_value='%d'",$itemID)); The pattern is the following: //OLD: $wpdb->prepare( "SELECT * FROM some_table WHERE ID = $id AND name = $name" ); //NEW: $wpdb->prepare( "SELECT * FROM some_table WHERE ID = %d AND name = %s", $id, $name ); You pass the variables as a second parameter of prepare() function and use %d (for integers), %s (for strings), or %f (for floats) in the place of the variables in the first argument. Best regards, Alex

Alex, thanks a lot . I tried it and it worked. One more thing Alex, can i contact you for some custom work ? Thanks

Sure thing, Adrian. Email me at alex@alexiz.com and we’ll discuss. Best regards, Alex

Hi Adrian, Would you perhaps also be able to fix the code that I posted earlier? Here is the code: $where = $wpdb->prepare("WHERE p.post_date < '".$current_post_date."' AND p.post_type = '". $post->post_type ."' AND p.post_status = 'publish' AND p.ID != '". $post->ID ."' $posts_in_ex_cats_sql"); I checked your pattern suggestion above, but I am not sure how to fix it 🙁 Thanks! Jasper

Hi Jasper, Try this, although the last part of the code is a little weird: $where = $wpdb->prepare("WHERE p.post_date < '%s' AND p.post_type = '%s' AND p.post_status = 'publish' AND p.ID != '%d' %s", $current_post_date, $post->post_type, $post->ID, $posts_in_ex_cats_sql); Best regards, Alex

Is this topic still active? I’m having this issue with this warning Warning: Missing argument 2 for wpdb::prepare(), ****/banner-garden/bannergarden.class.php on line 404 and defined in *wp-includes/wp-db.php on line 992 $count_of_banners = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->b_table." WHERE b_campaign = ".$camp->c_id)); Warning: Missing argument 2 for wpdb::prepare(), called in /***/banner-garden/bannergarden.class.php on line 383 and defined in /***/wp-includes/wp-db.php on line 992 $name = $wpdb->get_var($wpdb->prepare("SELECT c_name FROM ".$this->c_table." WHERE c_id = ".$c_id)); Warning: Missing argument 2 for wpdb::prepare(), called in /***/banner-garden/bannergarden_frontend.class.php on line 141 and defined in /***/wp-includes/wp-db.php on line 992 $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->c_table." WHERE c_id = ".$c_id)); I added “, $id, $name” (can you tell I’m null at this?) as this pointed , and it got rid of the warnings but the plugin isn’t letting me add new banners or modify them.

Hello Guys, I am having the same problem and undertand the concept of changing, or adding the 2 argument, if you will, but I really have no idea of which one to change. I am using Classipress and on the side bar, right above the sub-categories I get this message: Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-refine.php on line 27 and defined in /home/content/57/11469657/html/501/miami/wp-includes/wp-db.php on line 992 And then just above the ad I picture I have this message: Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-functions.php on line 403 and defined in /home/content/57/11469657/html/501/miami/wp-includes/wp-db.php on line 992 When I open the files where the changes have to be made I find a lot of those “arguments” and then I don’t know what to change. Can anyone help? Thanks!

Hi 501dash, Could you please post the code from these lines (line 27 from theme-refine.php and line 403 from theme-functions.php) here so I could take a look at what to change? Regards, Alex

Hi Siutouamy, In what way did you change this line? $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM ".$this->c_table." WHERE c_id = ".$c_id)); It should be: $count = $wpdb->get_var($wpdb->prepare("SELECT count(*) FROM %s WHERE c_id = %d, $this->c_table, $this->c_id)); There is no $id or $name variables in your example. Please make sure you passed the correct variables. Regards, Alex

Hello AlexRyan, Thanks for your reply. I am no so smart with WordPress yet, so, where would I find these pages? I looked in the wp-includes folder but can’t find them. I have not changed anything yet. Thanks!

Hi 501dash, The files should be here: /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-refine.php & /home/content/57/11469657/html/501/miami/wp-content/themes/AT-Classipress/includes/theme-functions.php as the warning message points out. If you’re connecting via ftp, please go to your themes folder and look for a theme called “Classipress”. Then look into includes directory there. Both files should be there. If you don’t see them, then the theme that’s being called is located somewhere else. The root of the WP site should be ‘miami’ as the path suggests. Regards, Alex

Hi AlexRyan, This is the full content of that page: theme-refine [Moderator note – That’s way too much code to post here and you did not use the code buttons so it messed up the forum – please post to a pastebin – see: http://codex.wordpress.org/Forum_Welcome#Posting_Code%5D I am looking for the other one now… Thanks

Codes removed… AlexRyan, Should I email them to you? Thanks!

@501dash – that’s way too much code to post here – please post to a pastebin – see: http://codex.wordpress.org/Forum_Welcome#Posting_Code

AlexRyan, Should I email them to you?

Hi 501dash, here’s what you need to change in the theme-refine.php file: FROM : $results = $wpdb->get_results( $sql = $wpdb->prepare( "SELECT ID, form_cats FROM ". $wpdb->prefix . "cp_ad_forms WHERE form_status = 'active'" ) ); TO : $results = $wpdb->get_results( $sql = $wpdb->prepare( "SELECT ID, form_cats FROM %s cp_ad_forms WHERE form_status = 'active'", $wpdb->prefix ) ); Regards, Alex

AlexRayan, I tried changing it but it didn’t work. Can I email it to you? Maybe I am doing something totally wrong… Thanks!

sure, email me the php files in a zip (so they don’t get blocked my mail) – alex (at) alexiz.com.

Hi Can somebody help me. I get the following error message: Warning: Missing argument 2 for wpdb::prepare(), called in ……plugins/secure-wordpress/inc/swUtil.php on line 137 and defined in …..wp-includes/wp-db.php on line 992 These are the lines: Line 137 in swUtil.php $obj->data = $wpdb->prepare($out); Line 992 in wp-db.php function prepare( $query, $args ) { Thank you Christian

Hi Christian, Could you please post the code that is in variable $out since this is the one you would need to change. It should be defined before line 137. Best regards, Alex

Hi Alex I can’t find it. I send you the file by e-mail. The answer then we can post in the forum. Christian

@alex Did you get my email with the file? Christian

Hi Christian, Yes, I did and replied to you yesterday to your email. Just in case you didn’t get it, here’s my reply: I looked through the file and you can actually just remove prepare() from here since the data in $out in being validated when the posts are being saved from the back end. So, please change this line 137 from: $obj->data = $wpdb->prepare($out); to $obj->data = $out; Please let me know if it works for you. Best regards, Alex

Hi Alex Thank you very much! The error message is gone. It looks like it’s working. Best regards Christian

Hi I’ve again an error in one of the php files. Error message: Too few arguments in… ….wp-content/themes/CherryFramework/title.php on line 29 Below the lines 21 up to 31. Line 29 are in bold. —————————— <?php } elseif ( is_category() ) { ?> <?php printf( theme_locals(“category_archives”).”: %s”, ‘<small>’ . single_cat_title( ”, false ) . ‘</small>’ ); ?> <?php echo category_description(); /* displays the category’s description from the WordPress admin */ ?> <?php } elseif ( is_tax(‘portfolio_category’) ) { ?> <?php echo theme_locals(“portfolio_category”).”: “; ?> —————————— Best regards Christian

Hello Alex I have this problem appearing when accessing my website. `Warning: Missing argument 2 for wpdb::prepare(), called in /home/a12261/public_html/wp-content/plugins/groups/lib/core/class-groups-user.php on line 151 and defined in/home/a12261/public_html/wp-includes/wp-db.php on line 992 Please asvise Vukistar

I made a few changes on line 151 and now it saya…………… Parse error: syntax error, unexpected T_STRING in /home……../class-groups-user.php on line 157 This is line 157 “SELECT group_id FROM $user_group_table WHERE user_id = %d”, Please can someone advise me here.

Hi – I am having the same problem – my warning is: Warning: Missing argument 2 for wpdb::prepare(), called in /home/columbin/public_html/wp-content/themes/revelation-theme/lib/theme-sidebars.php on line 51 and defined in /home/columbin/public_html/wp-includes/wp-db.php on line 992 Line 51 is: $widgetized_pages = $wpdb->get_col( $wpdb->prepare(“SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = ‘celta_sidebar'” ) ); From a previous forum reply, I changed Line 51 to: $widgetized_pages = $wpdb->get_col(“SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = ‘celta_sidebar'” ); The error message no longer appears on the site, however my admin login page is completely blank, ie I can’t log in… Can you help? Thank you!

I’m sorry to add more to the list. Ive read the info and tried to make it right but I just seem to make more errors. My error message is; Warning: Missing argument 2 for wpdb::prepare(), called in/wp-content/themes/dt-nimble/functions/core/core-filters.php on line 8 and defined in wp-includes/wp-db.php on line 992 core-filters file reads; <?php function dt_core_parents_where_filter( $where ) { if( function_exists(‘dt_storage’) ) { global $wpdb; $param = dt_storage(‘where_filter_param’); if( $param ) { $where .= sprintf( ” AND $wpdb->posts.post_parent IN(%s)”, $wpdb->prepare($param) ); }else { $where .= ‘ AND 1=0’; } } return $where; } function dt_core_join_left_filter( $parts ) { if( isset($parts[‘join’]) && !empty($parts[‘join’]) ) { $parts[‘join’] = str_replace( ‘INNER’, ‘LEFT’, $parts[‘join’]); } return $parts; } function dt_core_media_item_remove_insert_button( $args = array() ) { if( isset($args[‘send’]) ) $args[‘send’] = false; return $args; } function dt_inset_into_post_filter ( $html, $id, $caption, $title, $align, $url ) { if ( isset( $url ) ) { $html = str_replace( ‘href=’, ‘class=”highslide” onclick=”return hs.expand(this)” href=’, $html ); } return $html; } //add_filter( ‘image_send_to_editor’, ‘dt_inset_into_post_filter’, 10, 6 ); ?> Is it possible one of you nice people could help me out. I have contacted the theme provider but theyre person is away until th e30th Sep and I dont think I want the message for the world to see for that long. Many Thanks in advance Mike B

Guys I don’t want to steal topic or anything, I have same issue, can somebody help me I get warrning as well, this is code: global $wpdb; $sql = $wpdb->prepare( "SELECT id, name, description, options FROM ".$wpdb->prefix."_bk_loupe_settings WHERE is_active='true';"); $loupes = $wpdb->get_results( $sql );