function comment_exists($comment_author, $comment_date) {
global $wpdb;
- return $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments
- WHERE comment_author = '$comment_author' AND comment_date = '$comment_date'");
+ return $wpdb->get_var( $wpdb->prepare("SELECT comment_post_ID FROM $wpdb->comments
+ WHERE comment_author = %s AND comment_date = %s", $comment_author, $comment_date) );
}
function edit_comment() {