- $dupe = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND comment_author_url = '$comment_author_url'");
+ $dupe = $wpdb->get_results( $wpdb->prepare("SELECT * FROM $wpdb->comments WHERE comment_post_ID = %d AND comment_author_url = %s", $comment_post_ID, $comment_author_url) );
if ( $dupe )
trackback_response(1, 'We already have a ping from that URL for this post.');
if ( $dupe )
trackback_response(1, 'We already have a ping from that URL for this post.');
@@ -97,4+108,4 @@ if ( !empty($tb_url) && !empty($title) ) {