$term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) );
}
$term = $wpdb->get_row( $wpdb->prepare( "SELECT t.*, tt.* FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON t.term_id = tt.term_id WHERE tt.taxonomy = %s AND $field = %s LIMIT 1", $taxonomy, $value) );
@@ -1250,8+1255,10 @@ function &get_terms($taxonomies, $args = '') {
$where .= " AND t.slug = '$slug'";
}
$where .= " AND t.slug = '$slug'";
}
- if ( !empty($name__like) )
- $where .= " AND t.name LIKE '" . like_escape( $name__like ) . "%'";
+ if ( !empty($name__like) ) {
+ $name__like = like_escape( $name__like );
+ $where .= $wpdb->prepare( " AND t.name LIKE %s", $name__like . '%' );
+ }
if ( '' !== $parent ) {
$parent = (int) $parent;
if ( '' !== $parent ) {
$parent = (int) $parent;
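Review bot: `like_escape()` is defined outside this diff, and if it escapes only `%` and `_` but not the backslash itself, a backslash in `$name__like` can cancel the escaping of a following wildcard, so the caller keeps some control over the LIKE pattern even though `prepare()` now quotes the value; the `$search` hunk below has the same shape. This is pattern control rather than injection, so it is worth confirming what the helper covers and, if the codebase offers an escaper that also handles backslashes, using it in both places. Separately, the context line `$where .= " AND t.slug = '$slug'";` is still string-built in the same function; whatever sanitises `$slug` sits above the hunk, so either confirm it there or make the clause consistent with `$where .= $wpdb->prepare( " AND t.slug = %s", $slug );`. get_terms() starts and ends outside the hunk.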
@@ -1273,7+1280,7 @@ function &get_terms($taxonomies, $args = '') {
if ( !empty($search) ) {
$search = like_escape($search);
if ( !empty($search) ) {
$search = like_escape($search);
- $where .= " AND (t.name LIKE '%$search%')";
+ $where .= $wpdb->prepare( " AND (t.name LIKE %s)", '%' . $search . '%');
}
$selects = array();
}
$selects = array();
@@ -2842,7+2849,9 @@ function get_term_link( $term, $taxonomy = '') {