I’m having to update a WP installation for a community organisations from version 2.9.1 to the current 3.9.1.
The installation has a couple of custom built plugins that aren’t documented.
I’ve just performed the WP version update and now I see a warning (Missing argument 2 for
wpdb::prepare()) on every page that relates to the following line in the code of one of these custom built plugin:
$rows = $wpdb->get_results($wpdb->prepare("SELECT id, name FROM ".$table_name));
From what I’ve read online, this is due to a change in the coding, that requires 2 values to be sent to
wpdb::prepare(), but I’ve no idea how the line of code given above, needs to be changed.
If someone could help me out, I’d really appreciate it.
Below are the methods you can try. The first solution is probably the best. Try others if the first one doesn’t work. Senior developers aren’t just copying/pasting – they read the methods carefully & apply them wisely to each case.
That was not exactly change in code, that was change to better inform people they are not using the method correctly.
In line with wpdb documentation you need to properly pass values, or they won’t be properly escaped in query.
In your case it would turn into something like:
$wpdb->prepare("SELECT id, name FROM %s", $table_name)
Note that if
$table_name isn’t coming from any untrusted input, then there is no need to prepare query in such case altogether.