+ /**
+ * Prepares a SQL query for safe execution. Uses sprintf()-like syntax.
+ *
+ * This function only supports a small subset of the sprintf syntax; it only supports %d (decimal number), %s (string).
+ * Does not support sign, padding, alignment, width or precision specifiers.
+ * Does not support argument numbering/swapping.
+ *
+ * May be called like {@link http://php.net/sprintf sprintf()} or like {@link http://php.net/vsprintf vsprintf()}.
+ *
+ * Both %d and %s should be left unquoted in the query string.
+ *
+ * <code>
+ * wpdb::prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d", "foo", 1337 )
+ * </code>
+ *
+ * @link http://php.net/sprintf Description of syntax.
+ * @since 2.3.0
+ *
+ * @param string $query Query statement with sprintf()-like placeholders
+ * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called like {@link http://php.net/vsprintf vsprintf()}, or the first variable to substitute into the query's placeholders if being called like {@link http://php.net/sprintf sprintf()}.
+ * @param mixed $args,... further variables to substitute into the query's placeholders if being called like {@link http://php.net/sprintf sprintf()}.
+ * @return null|string Sanitized query string
+ */
+ function prepare($query = null) { // ( $query, *$args )
+ if ( is_null( $query ) )
+ return;
+ $args = func_get_args();
+ array_shift($args);
+ // If args were passed as an array (as in vsprintf), move them up
+ if ( isset($args[0]) && is_array($args[0]) )
+ $args = $args[0];
+ $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
+ $query = str_replace('"%s"', '%s', $query); // doublequote unquoting
+ $query = str_replace('%s', "'%s'", $query); // quote the strings
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @vsprintf($query, $args);
+ }
+
+ /**
+ * Print SQL/DB error.
+ *
+ * @since 0.71
+ * @global array $EZSQL_ERROR Stores error information of query and error string
+ *
+ * @param string $str The error to display
+ * @return bool False if the showing of errors is disabled.
+ */
+ function print_error($str = '') {
+ global $EZSQL_ERROR;
+
+ if (!$str) $str = mysql_error($this->dbh);
+ $EZSQL_ERROR[] = array ('query' => $this->last_query, 'error_str' => $str);
+
+ if ( $this->suppress_errors )
+ return false;
+
+ if ( $caller = $this->get_caller() )
+ $error_str = sprintf(/*WP_I18N_DB_QUERY_ERROR_FULL*/'WordPress database error %1$s for query %2$s made by %3$s'/*/WP_I18N_DB_QUERY_ERROR_FULL*/, $str, $this->last_query, $caller);
+ else
+ $error_str = sprintf(/*WP_I18N_DB_QUERY_ERROR*/'WordPress database error %1$s for query %2$s'/*/WP_I18N_DB_QUERY_ERROR*/, $str, $this->last_query);
+
+ $log_error = true;
+ if ( ! function_exists('error_log') )
+ $log_error = false;
+
+ $log_file = @ini_get('error_log');
+ if ( !empty($log_file) && ('syslog' != $log_file) && !@is_writable($log_file) )
+ $log_error = false;
+
+ if ( $log_error )
+ @error_log($error_str, 0);
+
+ // Is error output turned on or not..
+ if ( !$this->show_errors )
+ return false;
+
+ $str = htmlspecialchars($str, ENT_QUOTES);
+ $query = htmlspecialchars($this->last_query, ENT_QUOTES);
+
+ // If there is an error then take note of it
+ print "<div id='error'>
+ <p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
+ <code>$query</code></p>
+ </div>";
+ }
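Review bot: The final `return @vsprintf($query, $args);` in prepare() silences every format failure, so a placeholder/argument mismatch, or a literal `%` the caller did not write as `%%` (a LIKE pattern, for example), produces a non-string or mangled result that the docblock's `@return null|string` does not cover; on the PHP versions this code appears to target (it calls `mysql_error()`), vsprintf() returns false in the mismatch case. Nothing enforces the "%d and %s only" subset the docblock promises either, so other conversions and numbered arguments go straight to vsprintf(). I would drop the `@`, document the failure value, and state in the docblock that `$query` must be a fixed template: any `%s` already present in it, including inside data concatenated in before the call, is quoted and substituted like a real placeholder. Proposed docblock lines: `* Literal percent signs in the query must be written as %%.` and `* @return null|string|false Sanitized query string, or false if formatting fails`. `escape_by_ref` and the rest of the class are outside this hunk, so the escaping itself is not reviewed here.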