use prepared statements for current date instead of concatenation

pluginkollektiv · Nov 23, 2019 · 3026056 · 3026056
1 parent 85f0545
commit 3026056
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 9 deletions.
diff --git a/inc/class-statify-cron.php b/inc/class-statify-cron.php
@@ -32,7 +32,8 @@ public static function cleanup_data() {
 		// Remove items.
 		$wpdb->query(
 			$wpdb->prepare(
-				"DELETE FROM `$wpdb->statify` WHERE created <= SUBDATE(" . strftime( '%Y-%m-%d', current_time( 'timestamp' ) ) . ", %d)",
+				"DELETE FROM `$wpdb->statify` WHERE created <= SUBDATE(%s, %d)",
+				strftime( '%Y-%m-%d', current_time( 'timestamp' ) ),
 				(int) self::$_options['days']
 			)
 		);

diff --git a/inc/class-statify-dashboard.php b/inc/class-statify-dashboard.php
@@ -319,6 +319,8 @@ private static function _select_data() {
 		$today       = (int) self::$_options['today'];
 		$show_totals = (int) self::$_options['show_totals'];
 
+		$current_date = strftime( '%Y-%m-%d', current_time( 'timestamp' ) );
+
 		$data = array(
 			'visits'   => $wpdb->get_results(
 				$wpdb->prepare(
@@ -327,26 +329,49 @@ private static function _select_data() {
 				),
 				ARRAY_A
 			),
-			'target'   => $wpdb->get_results(
+		);
+
+		if ( $today ) {
+			$data['target'] = $wpdb->get_results(
 				$wpdb->prepare(
-					"SELECT COUNT(`target`) as `count`, `target` as `url` FROM `$wpdb->statify` " . ( $today ? "WHERE created ='" . strftime( '%Y-%m-%d', current_time( 'timestamp' ) ) . "'": '' ) . ' GROUP BY `target` ORDER BY `count` DESC LIMIT %d',
+					"SELECT COUNT(`target`) as `count`, `target` as `url` FROM `$wpdb->statify` WHERE created = %s GROUP BY `target` ORDER BY `count` DESC LIMIT %d",
+					$current_date,
 					$limit
 				),
 				ARRAY_A
-			),
-			'referrer' => $wpdb->get_results(
+			);
+			$data['referrer'] = $wpdb->get_results(
 				$wpdb->prepare(
-					"SELECT COUNT(`referrer`) as `count`, `referrer` as `url`, SUBSTRING_INDEX(SUBSTRING_INDEX(TRIM(LEADING 'www.' FROM(TRIM(LEADING 'https://' FROM TRIM(LEADING 'http://' FROM TRIM(`referrer`))))), '/', 1), ':', 1) as `host` FROM `$wpdb->statify` WHERE `referrer` != '' " . ( $today ? "AND created ='" . strftime( '%Y-%m-%d', current_time( 'timestamp' ) ) . "'" : '' ) . ' GROUP BY `host` ORDER BY `count` DESC LIMIT %d',
+					"SELECT COUNT(`referrer`) as `count`, `referrer` as `url`, SUBSTRING_INDEX(SUBSTRING_INDEX(TRIM(LEADING 'www.' FROM(TRIM(LEADING 'https://' FROM TRIM(LEADING 'http://' FROM TRIM(`referrer`))))), '/', 1), ':', 1) as `host` FROM `$wpdb->statify` WHERE `referrer` != '' AND created = %s GROUP BY `host` ORDER BY `count` DESC LIMIT %d",
+					$current_date,
 					$limit
 				),
 				ARRAY_A
-			),
-		);
+			);
+		} else {
+			$data['target'] = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT COUNT(`target`) as `count`, `target` as `url` FROM `$wpdb->statify` GROUP BY `target` ORDER BY `count` DESC LIMIT %d",
+					$limit
+				),
+				ARRAY_A
+			);
+			$data['referrer'] = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT COUNT(`referrer`) as `count`, `referrer` as `url`, SUBSTRING_INDEX(SUBSTRING_INDEX(TRIM(LEADING 'www.' FROM(TRIM(LEADING 'https://' FROM TRIM(LEADING 'http://' FROM TRIM(`referrer`))))), '/', 1), ':', 1) as `host` FROM `$wpdb->statify` WHERE `referrer` != '' GROUP BY `host` ORDER BY `count` DESC LIMIT %d",
+					$limit
+				),
+				ARRAY_A
+			);
+		}
 
 		if ( $show_totals ) {
 			$data['visit_totals'] = array(
 				'today' => $wpdb->get_var(
-					"SELECT COUNT(`created`) FROM `$wpdb->statify` WHERE created = DATE(NOW())"
+					$wpdb->prepare(
+						"SELECT COUNT(`created`) FROM `$wpdb->statify` WHERE created = %s",
+						$current_date
+					)
 				),
 				'since_beginning' => $wpdb->get_var(
 					"SELECT COUNT(`created`) FROM `$wpdb->statify`"