Updating the plugin DB queries

Author: krugazul

includes/classes/class-activation.php

@@ -66,6 +66,8 @@ public static function create_tables( $table_name ) {
 	public static function maybe_upgrade( $table_name ) {
 		global $wpdb;
 
+		$table_name = esc_sql( $table_name );
+
 		// Get the current version number, defaults to 1.0
 		$version = get_option( 'kkd_db_version', '1.0' );
 
@@ -87,7 +89,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `plan` VARCHAR(255) NOT NULL AFTER `paid`;",
+						"ALTER TABLE `%s` ADD `plan` VARCHAR(255) NOT NULL AFTER `paid`;",
 						$table_name
 					)
 				);
@@ -109,7 +111,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `txn_code_2` VARCHAR(255) DEFAULT '' NULL AFTER `txn_code`;",
+						"ALTER TABLE `%s` ADD `txn_code_2` VARCHAR(255) DEFAULT '' NULL AFTER `txn_code`;",
 						$table_name
 					)
 				);
@@ -131,7 +133,7 @@ public static function maybe_upgrade( $table_name ) {
 				$wpdb->query(
 					$wpdb->prepare(
 						// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-						"ALTER TABLE %i ADD `paid_at` timestamp  AFTER `created_at`;",
+						"ALTER TABLE `%s` ADD `paid_at` timestamp  AFTER `created_at`;",
 						$table_name
 					)
 				);

includes/classes/class-form-submit.php

@@ -297,7 +297,7 @@ public function submit_action() {
 
 		global $wpdb;
 		$code            = $this->generate_code();
-		$table           = $wpdb->prefix . PFF_PAYSTACK_TABLE;
+		$table           = esc_sql( $wpdb->prefix . PFF_PAYSTACK_TABLE );
 
 		$this->fixed_metadata = [];
 
@@ -336,29 +336,58 @@ public function submit_action() {
 			'metadata' => wp_json_encode( $this->fixed_metadata ),
 		);
 
-		// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-		$exist = $wpdb->get_results(
-			$wpdb->prepare(
-				"SELECT * 
-					FROM %i
-					WHERE post_id = %s 
-					AND email = %s 
-					AND user_id = %s 
-					AND amount = %s 
-					AND plan = %s 
-					AND ip = %s 
-					AND paid = '0' 
-					AND metadata = %s",
-				$table,
-				$insert['post_id'], 
-				$insert['email'],
-				$insert['user_id'],
-				$insert['amount'],
-				$insert['plan'],
-				$insert['ip'],
-				$insert['metadata']
-			)
-		);
+
+		$current_version = get_bloginfo('version');
+		if ( version_compare( '6.2', $current_version, '<=' ) ) {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$exist = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * 
+					 FROM $table
+					 WHERE post_id = %d 
+					 AND email = %s 
+					 AND user_id = %d 
+					 AND amount = %f 
+					 AND plan = %s 
+					 AND ip = %s 
+					 AND paid = '0' 
+					 AND metadata = %s",
+					$insert['post_id'], 
+					$insert['email'],
+					$insert['user_id'],
+					$insert['amount'],
+					$insert['plan'],
+					$insert['ip'],
+					$insert['metadata']
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		} else {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$exist = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * 
+					 FROM `$table`
+					 WHERE post_id = '%d' 
+					 AND email = '%s' 
+					 AND user_id = '%d' 
+					 AND amount = '%f'
+					 AND plan = '%s' 
+					 AND ip = '%s' 
+					 AND paid = '0' 
+					 AND metadata = '%s'",
+					$insert['post_id'], 
+					$insert['email'],
+					$insert['user_id'],
+					$insert['amount'],
+					$insert['plan'],
+					$insert['ip'],
+					$insert['metadata']
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		}
+
 
 		if ( count( $exist ) > 0 ) {
 			// phpcs:ignore WordPress.DB.DirectDatabaseQuery

includes/classes/class-helpers.php

@@ -183,23 +183,47 @@ public function get_payments_by_id( $form_id = 0, $args = array() ) {
 			'orderby'  => 'created_at',
 		);
 		$args  = wp_parse_args( $args, $defaults );
-        $table = $wpdb->prefix . PFF_PAYSTACK_TABLE;
+        $table = esc_sql( $wpdb->prefix . PFF_PAYSTACK_TABLE );
 		$order = strtoupper( $args['order'] );
 
-		// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-		$results = $wpdb->get_results(
-			$wpdb->prepare(
-				"SELECT * 
-				FROM %i 
-				WHERE post_id = %d 
-				AND paid = %s
-				ORDER BY %i $order", // phpcs:ignore WordPress.DB.PreparedSQL.InterpolatedNotPrepared
-				$table,
-				$form_id,
-				$args['paid'],
-				$args['orderby'],
-			)
-		);
+		$current_version = get_bloginfo('version');
+		if ( version_compare( '6.2', $current_version, '<=' ) ) {
+
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$results = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * 
+					FROM %i 
+					WHERE post_id = %d 
+					AND paid = %s
+					ORDER BY %i $order",
+					$table,
+					$form_id,
+					$args['paid'],
+					$args['orderby'],
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+
+		} else {
+
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$results = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * 
+					FROM `%s` 
+					WHERE post_id = '%d'
+					AND paid = '%s'
+					ORDER BY '%s' $order",
+					$table,
+					$form_id,
+					$args['paid'],
+					$args['orderby'],
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		}
+
 		return $results;
 	}
 
@@ -214,17 +238,37 @@ public function get_payments_count( $form_id ) {
 		$table = $wpdb->prefix . PFF_PAYSTACK_TABLE;
 		$num   = wp_cache_get( 'form_payments_' . $form_id, 'pff_paystack' );
 		if ( false === $num ) {
-			// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-			$num = $wpdb->get_var(
-				$wpdb->prepare(
-					"SELECT COUNT(*)
-					FROM %i
-					WHERE post_id = %d
-					AND paid = '1'",
-					$table,
-					$form_id
-				)
-			);
+
+			$current_version = get_bloginfo('version');
+			if ( version_compare( '6.2', $current_version, '<=' ) ) {
+	
+				// phpcs:disable WordPress.DB -- Start ignoring
+				$num = $wpdb->get_var(
+					$wpdb->prepare(
+						"SELECT COUNT(*)
+						FROM %i
+						WHERE post_id = %d
+						AND paid = '1'",
+						$table,
+						$form_id
+					)
+				);
+				// phpcs:enable -- Stop ignoring
+			} else {
+				// phpcs:disable WordPress.DB -- Start ignoring
+				$num = $wpdb->get_var(
+					$wpdb->prepare(
+						"SELECT COUNT(*)
+						FROM `%s`
+						WHERE post_id = '%d'
+						AND paid = '1'",
+						$table,
+						$form_id
+					)
+				);
+				// phpcs:enable -- Stop ignoring
+			}
+
 			wp_cache_set( 'form_payments_' . $form_id, $num, 'pff_paystack', 60*5 );
 		}
 		return $num;
@@ -572,7 +616,6 @@ public function get_the_user_ip() {
 
 		return $ip;
 	}
-
 
 	/**
 	 * Get the DB records by the transaction code supplied.
@@ -583,18 +626,36 @@ public function get_the_user_ip() {
 	public function get_db_record( $code, $column = 'txn_code' ) {
 		global $wpdb;
 		$return = false;
-		$table  = $wpdb->prefix . PFF_PAYSTACK_TABLE;
-		// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-		$record = $wpdb->get_results(
-			$wpdb->prepare(
-					"SELECT * 
-					FROM %i 
-					WHERE %i = %s"
-				,
-				$table,
-				$column,
-				$code
-			), 'OBJECT' );
+		$table  = esc_sql( $wpdb->prefix . PFF_PAYSTACK_TABLE );
+
+		$current_version = get_bloginfo('version');
+		if ( version_compare( '6.2', $current_version, '<=' ) ) {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$record = $wpdb->get_results(
+				$wpdb->prepare(
+						"SELECT * 
+						FROM %i 
+						WHERE %i = %s"
+					,
+					$table,
+					$column,
+					$code
+				), 'OBJECT' );
+			// phpcs:enable -- Stop ignoring
+		} else {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$record = $wpdb->get_results(
+				$wpdb->prepare(
+						"SELECT * 
+						FROM `%s`
+						WHERE '%s' = '%s'"
+					,
+					$table,
+					$column,
+					$code
+				), 'OBJECT' );
+			// phpcs:enable -- Stop ignoring
+		}
 
 		if ( ! empty( $record ) && isset( $record[0] ) ) {
 			$return = $record[0];
@@ -789,15 +850,32 @@ public function generate_new_code( $length = 10 ) {
 	 */
 	public function check_code( $code ) {
 		global $wpdb;
-		$table = $wpdb->prefix . PFF_PAYSTACK_TABLE;
+		$table = esc_sql( $wpdb->prefix . PFF_PAYSTACK_TABLE );
 		// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-		$o_exist = $wpdb->get_results(
-			$wpdb->prepare(
-				"SELECT * FROM %i WHERE txn_code = %s",
-				$table,
-				$code
-			)
-		);
+
+		$current_version = get_bloginfo('version');
+		if ( version_compare( '6.2', $current_version, '<=' ) ) {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$o_exist = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * FROM %i WHERE txn_code = %s",
+					$table,
+					$code
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		} else {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$o_exist = $wpdb->get_results(
+				$wpdb->prepare(
+					"SELECT * FROM `%s` WHERE txn_code = %s",
+					$table,
+					$code
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		}
+
 		return ( count( $o_exist ) > 0 );
 	}
 

includes/classes/class-retry-submit.php

@@ -193,16 +193,35 @@ public function generate_code() {
 	protected function update_retry_code() {
 		global $wpdb;
 		$return = false;
-		$table  = $wpdb->prefix . PFF_PAYSTACK_TABLE;
+		$table  = esc_sql( $wpdb->prefix . PFF_PAYSTACK_TABLE );
 		// phpcs:ignore WordPress.DB.DirectDatabaseQuery
-		$return = $wpdb->query(
-			$wpdb->prepare(
-				"UPDATE %i SET txn_code_2 = %s WHERE txn_code = %s",
-				$table,
-				$this->new_code,
-				$this->code
-			)
-		);
+
+		$current_version = get_bloginfo('version');
+		if ( version_compare( '6.2', $current_version, '<=' ) ) {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$return = $wpdb->query(
+				$wpdb->prepare(
+					"UPDATE %i SET txn_code_2 = %s WHERE txn_code = %s",
+					$table,
+					$this->new_code,
+					$this->code
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		} else {
+			// phpcs:disable WordPress.DB -- Start ignoring
+			$return = $wpdb->query(
+				$wpdb->prepare(
+					"UPDATE `%s` SET txn_code_2 = '%s' WHERE txn_code = '%s'",
+					$table,
+					$this->new_code,
+					$this->code
+				)
+			);
+			// phpcs:enable -- Stop ignoring
+		}
+
+
 		return $return;
 	}
 }