wordpress database select security - wordpress

I'm returning some data from a custom table, but I'm not sure if the code is secure enough. Can you help me?
$page_title = get_the_title();
$id = $wpdb->get_row('select id from table where name="'.htmlspecialchars($page_title).'"');

Not sure why you would match a title; usually when doing a search it's better to use an ID.
But this is what a custom query would look like to get a post ID when the title matches the var. prepare does the proper escaping. See the first place prepare comes up here: http://codex.wordpress.org/Class_Reference/wpdb
global $wpdb;
$page_title = get_the_title();
// %s is quoted and escaped by prepare(); the variable passed must be the same one defined above
$id = $wpdb->get_row( $wpdb->prepare( 'SELECT ID FROM ' . $wpdb->posts . ' WHERE post_title = %s', $page_title ) );
Or you could use WordPress's esc_sql() function on your var.
http://codex.wordpress.org/Function_Reference/esc_sql
But like I said, this query seems backwards. If you have get_the_title() you should also have the_ID() or get_the_ID(), so the query is not needed. So it depends on what you are trying to do.
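As an added example (not part of the original answers), two lookups built on $wpdb->prepare(): an exact title match and a LIKE search, where prepare() alone does not neutralise the % and _ wildcards and $wpdb->esc_like() is needed as well. It assumes the standard global $wpdb inside WordPress; the function names are mine.

```php
<?php
// Added example: safe title lookups with $wpdb->prepare(). Assumes it runs inside
// WordPress, where the global $wpdb object and the $wpdb->posts table name exist.

/**
 * Return the ID of a published post whose title matches $title exactly, or null.
 * The table name comes from $wpdb->posts, never from input: identifiers cannot
 * be parameterised, only values can.
 */
function example_post_id_by_title( $title ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE post_title = %s AND post_status = 'publish' LIMIT 1",
        $title
    );
    $id = $wpdb->get_var( $sql );
    return ( null === $id ) ? null : (int) $id;
}

/**
 * Return IDs of published posts whose title contains $fragment.
 * esc_like() makes % and _ in the fragment literal (otherwise a fragment of "%"
 * matches every row); prepare() then quotes the whole pattern and casts $limit.
 */
function example_post_ids_by_title_fragment( $fragment, $limit = 20 ) {
    global $wpdb;
    $pattern = '%' . $wpdb->esc_like( $fragment ) . '%';
    $sql     = $wpdb->prepare(
        "SELECT ID FROM {$wpdb->posts} WHERE post_title LIKE %s AND post_status = 'publish' ORDER BY post_date DESC LIMIT %d",
        $pattern,
        $limit
    );
    return array_map( 'intval', $wpdb->get_col( $sql ) );
}
```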

Related

I have a WordPress site and I want to delete the last two lines from all my posts. Remember, the lines are not the same. Any plugin or solution?

I have a WordPress site with nearly 500 posts and I want to delete the last two lines from all my posts. Remember, the lines are not the same. Any plugin or solution?
You can use WP_Query to get all the posts, use the wp_update_post() function on each one, and, based on what separates the "last two lines" of each post, explode the content using that as a delimiter.
If your post is "Hi. My name is Xhynk. I love WordPress. Usually." and you have another that's "Hi. This is a post. Just a post. Yup. Just a post. Yeah."
You can use a WP_Query to grab the posts, and modify the post content with:
$content = get_the_content();
$content = explode( '. ', $content ); // explode into an array, split at every period followed by a space
$lines = count( $content ); // 3 in the first, 6 in the second
$count = 0;
$new_content = ''; // must be initialised before .= is used on it
foreach ( $content as $line ) {
    $count++;
    $new_content .= $line . '. ';
    if ( $count == $lines - 2 ) break; // stop before the last two pieces
}
And then use wp_update_post() to swap the content. You just need an identical way to identify the last two lines of each post.
If you're not familiar with WP_Query and wp_insert_post, or MySQL queries with the $wpdb object, you may not want to attempt this and should just do it manually. Also, take a backup of your database before bulk modifying anything like this.
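An added example (not the answerer's code) that carries the procedure through: fetch the posts with WP_Query, trim the trailing sentences, and write back with wp_update_post(), with a dry-run mode so the affected IDs can be reviewed before anything is modified. It assumes it runs inside WordPress and that sentences are separated by ". " as in the answer; the function names are mine.

```php
<?php
// Added example: bulk-trim the last two ". "-separated sentences of every
// published post. Assumes a WordPress context (e.g. a one-off plugin file).

/**
 * Remove the last $drop sentences from $content.
 * Returns $content unchanged when it has $drop sentences or fewer.
 */
function example_drop_trailing_sentences( $content, $drop = 2 ) {
    $parts = explode( '. ', $content );
    if ( count( $parts ) <= $drop ) {
        return $content;
    }
    $kept = array_slice( $parts, 0, count( $parts ) - $drop );
    // The kept pieces lost their final period in explode(); restore one.
    return implode( '. ', $kept ) . '.';
}

/**
 * Apply the trim to all published posts. With $dry_run true nothing is written;
 * the returned array lists the post IDs whose content would change.
 */
function example_trim_all_posts( $dry_run = true ) {
    $changed = array();
    $query   = new WP_Query( array(
        'post_type'      => 'post',
        'post_status'    => 'publish',
        'posts_per_page' => -1,    // all posts; fine for a few hundred
        'fields'         => 'ids', // only IDs, no full post objects
    ) );
    foreach ( $query->posts as $post_id ) {
        $old = get_post_field( 'post_content', $post_id, 'raw' );
        $new = example_drop_trailing_sentences( $old );
        if ( $new === $old ) {
            continue;
        }
        $changed[] = $post_id;
        if ( ! $dry_run ) {
            // wp_update_post() expects slashed data, hence wp_slash().
            wp_update_post( wp_slash( array(
                'ID'           => $post_id,
                'post_content' => $new,
            ) ) );
        }
    }
    return $changed;
}
```

Run example_trim_all_posts() first with the default dry run and check the returned IDs against a database backup before calling it with false.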

Wordpress - Insert last update date in header

I added a line in my WordPress HTML code (header.php) to set the date of the last update. You understand that I have to do it every time I make a new post or add a new product. Is there a way to do it automatically? I'd like to get the date of the last post/product and echo it in the header. My knowledge of PHP is poor, sorry for that.
Add this code in functions.php
<?php
function last_updated() {
    global $wpdb;
    // Use IN (...) so the post_status condition applies to both post types;
    // "a OR b AND c" would only restrict products to published ones.
    $sql = "SELECT post_modified
        FROM $wpdb->posts
        WHERE post_type IN ('post', 'product')
        AND post_status = 'publish'
        ORDER BY post_modified DESC
        LIMIT 1";
    $last_update = $wpdb->get_var( $sql );
    $last_update = date( "d-m-Y", strtotime( $last_update ) );
    return $last_update;
}
add_shortcode( 'last_updated_date', 'last_updated' );
?>
Add this code in header.php
<?php echo do_shortcode('[last_updated_date]');?>

WordPress: How does one get the date of an attachment?

I have no idea how to get the date of attachments. I acquire the attachments as follows:
$attachments = get_children(array('post_parent'=>$post->ID, 'post_type'=>'attachment', 'post_mime_type'=>'image'));
foreach ( $attachments as $attachment ) {
//I want to get the date of the attachment
}
Any ideas? Thanks for looking!
An attachment is a type of post, a Custom Post Type at the end of the day. As such, they share exactly the same table and characteristics as other post types.
It's just a matter of:
foreach ( $attachments as $attachment ) {
echo $attachment->post_title . ' - ' . $attachment->post_date;
}
If you need specific attachment metadata, there are specialized functions, like wp_get_attachment_metadata as suggested by #brbcoding in the comments.

wordpress query (shortcode) returns always the first post

I have made a shortcode inside my plugin, which is working great.
The shortcode needs to take some parameters and create a custom loop with output.
One of the parameters is how many posts to output the loop for ($markers).
$args = array(
    'meta_key'       => '_mykey',
    'post_status'    => 'publish',
    'post_type'      => 'post',
    'orderby'        => 'date',
    'order'          => 'DESC',
    'posts_per_page' => $markers,
);
$wp_query = new WP_Query();
$wp_query->query( $args );
if ( $wp_query->have_posts() ) : while ( $wp_query->have_posts() ) : $wp_query->the_post();
    // do the loop using get_the_id() and $post->ID
endwhile; endif;
wp_reset_query(); // END query
On occasions I will need to have data from ALL posts ($markers = '-1'), sometimes only one ($markers = '1') and sometimes multiple ($markers = 'x').
All of those work great on single pages/posts, but my problem is that when this function is in a place where I have more than one post (!is_single) and ($markers = '1'), it will always return the data for the LATEST post, and not for the correct one.
(For example in the default WordPress theme, where it would display 10 posts, they will all show the same data.)
It is obviously a problem of the $post->ID, but how can I have the correct post ID when doing a custom loop OUTSIDE the WP loop?
I tried to override the problem by
global $post;
$thePostIDtmp = $post->ID; // get the ID before starting the new query, as a temp id
$wp_query = new WP_Query();
$wp_query->query( $args );
// Start Custom Loop
if ( ! is_single() ) {
    $post_id_t = $thePostIDtmp;
} else {
    $post_id_t = $post->ID;
}
and then use $post_id_t, but it did not seem to work.
Should I not use get_the_id()? Or should I not use query (and use get_posts)?
Any ideas / solutions / thoughts?
I would use query_posts (http://codex.wordpress.org/Function_Reference/query_posts) rather than override the $wp object. You should be able to include as many loops on the page as you want with this. If you have problems with this you can use http://codex.wordpress.org/Function_Reference/wp_reset_query just before you call it.
I find this: http://blog.cloudfour.com/wordpress-taking-the-hack-out-of-multiple-custom-loops/ takes a bit of the pain away too.
There are basically two sorts of querying posts in WordPress: those that alter the main loop and those that do not. If you want to change the main loop, like the one used to display category archive pages, then use query_posts. It lets you do exactly that: delete, change and append parameters of the default query to change the outcome of a typical page.
query_posts has some drawbacks though.
Then there are queries that are just used to get stuff out of the database to play around with, e.g. displaying the latest post titles in the sidebar or the attachments of the current post.
To do that, create a new WP_Query object that will build your custom loop independently of the main loop, like so:
// The Query
$the_query = new WP_Query( $args );
// The Loop
while ( $the_query->have_posts() ) : $the_query->the_post();
    echo '<li>';
    the_title();
    echo '</li>';
endwhile;
// Reset Post Data
wp_reset_postdata();
Then there is get_posts() which is like the little brother of WP_Query. It has an easier interface in my opinion and returns an array with the results that is easier to work with.
It looks like this:
global $post; // setup_postdata() works on the global $post, so declare it
$myposts = get_posts( $args );
foreach ( $myposts as $post ) : setup_postdata( $post );
    echo "<li>";
    the_title();
    echo "</li>";
endforeach;
wp_reset_postdata(); // restore the main loop's $post afterwards
Inside the foreach template tags like get_the_id() will work.

Wordpress shortcode not working

I built a very unique and JavaScript-intensive theme for WordPress and now shortcodes do not work. I do not have any plugins installed, so it's not that. What did I drop from my WordPress template files that is required to use shortcodes (i.e. [gallery])?
I understand how to make shortcodes, but how does WP take your post and replace "[gallery]" when it is spitting it back out for display?
EDIT:
here is what I'm currently working with:
$pagepull = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_type = 'page' AND post_status = 'publish' ORDER BY menu_order", ARRAY_A);
$i = 1;
foreach ($pagepull as $single_page){
echo "<div class=\"section\"><ul><li class=\"sub\" id=\"" . $i . "\"><div class=\"insection\">";
echo $single_page['post_content'];
$i++;
// more code that is irrelevant...
// more code that is irrelevant...
// more code that is irrelevant...
}
OK, try this
$pagepull = $wpdb->get_results( "SELECT * FROM $wpdb->posts WHERE post_type = 'page' AND post_status = 'publish' ORDER BY menu_order", ARRAY_A );
$i = 1;
foreach ( $pagepull as $single_page ) {
    echo "<div class=\"section\"><ul><li class=\"sub\" id=\"" . $i . "\"><div class=\"insection\">";
    // running the_content filters is what expands shortcodes (and applies wpautop etc.)
    echo apply_filters( 'the_content', $single_page['post_content'] );
    $i++;
}
WordPress takes your content and applies filters to it. You must register a filter and let it parse your content.
If your theme is not displaying your shortcodes, probably you output the content of the post without letting WordPress filter it.
Calling the function get_the_content() for a post does not run the filter for shortcodes (if any).
To apply it:
<?php echo apply_filters( 'the_content', get_the_content( $more_link_text, $stripteaser, $more_file ) ); ?>
Ref: http://codex.wordpress.org/Function_Reference/get_the_content
Note: many plugins register filters with the content to implement shortcodes!
My solution was replacing
<?= get_the_content() ?>
with
<?php the_content(); ?>
which, as keatch already mentioned, applies filters before returning content.
Read this carefully about the_content
Use this if you want the content inside a variable:
ob_start();
the_content();
$content = ob_get_clean();
Now you could just do echo $content; or use regex or whatever you want to make the content look how you want it.
I had the same issue.
Shortcodes depend on the WP Loop, but that's a different issue. To make a long story short, I've added the_post(); to the page that should be showing the shortcode (for example articles.php).
Also, make sure that you are using the_content() in order to display the text (using $post->post_data, for example, won't show you shortcodes).
Please use the
ob_start();
at the start of the function and use
return ob_get_clean();
before closing the function.
Hope this will be helpful for you.
Cheers
