[ Index ]

PHP Cross Reference of WordPress Trunk (Updated Daily)

Search

title

Body

[close]

/wp-includes/ -> class-wpdb.php (source)

   1  <?php
   2  /**
   3   * WordPress database access abstraction class.
   4   *
   5   * Original code from {@link http://php.justinvincent.com Justin Vincent (justin@visunet.ie)}
   6   *
   7   * @package WordPress
   8   * @subpackage Database
   9   * @since 0.71
  10   */
  11  
  12  /**
  13   * @since 0.71
  14   */
  15  define( 'EZSQL_VERSION', 'WP1.25' );
  16  
  17  /**
  18   * @since 0.71
  19   */
  20  define( 'OBJECT', 'OBJECT' );
  21  // phpcs:ignore Generic.NamingConventions.UpperCaseConstantName.ConstantNotUpperCase
  22  define( 'object', 'OBJECT' ); // Back compat.
  23  
  24  /**
  25   * @since 2.5.0
  26   */
  27  define( 'OBJECT_K', 'OBJECT_K' );
  28  
  29  /**
  30   * @since 0.71
  31   */
  32  define( 'ARRAY_A', 'ARRAY_A' );
  33  
  34  /**
  35   * @since 0.71
  36   */
  37  define( 'ARRAY_N', 'ARRAY_N' );
  38  
  39  /**
  40   * WordPress database access abstraction class.
  41   *
  42   * This class is used to interact with a database without needing to use raw SQL statements.
  43   * By default, WordPress uses this class to instantiate the global $wpdb object, providing
  44   * access to the WordPress database.
  45   *
  46   * It is possible to replace this class with your own by setting the $wpdb global variable
  47   * in wp-content/db.php file to your class. The wpdb class will still be included, so you can
  48   * extend it or simply use your own.
  49   *
  50   * @link https://developer.wordpress.org/reference/classes/wpdb/
  51   *
  52   * @since 0.71
  53   */
  54  #[AllowDynamicProperties]
  55  class wpdb {
  56  
  57      /**
  58       * Whether to show SQL/DB errors.
  59       *
  60       * Default is to show errors if both WP_DEBUG and WP_DEBUG_DISPLAY evaluate to true.
  61       *
  62       * @since 0.71
  63       *
  64       * @var bool
  65       */
  66      public $show_errors = false;
  67  
  68      /**
  69       * Whether to suppress errors during the DB bootstrapping. Default false.
  70       *
  71       * @since 2.5.0
  72       *
  73       * @var bool
  74       */
  75      public $suppress_errors = false;
  76  
  77      /**
  78       * The error encountered during the last query.
  79       *
  80       * @since 2.5.0
  81       *
  82       * @var string
  83       */
  84      public $last_error = '';
  85  
  86      /**
  87       * The number of queries made.
  88       *
  89       * @since 1.2.0
  90       *
  91       * @var int
  92       */
  93      public $num_queries = 0;
  94  
  95      /**
  96       * Count of rows returned by the last query.
  97       *
  98       * @since 0.71
  99       *
 100       * @var int
 101       */
 102      public $num_rows = 0;
 103  
 104      /**
 105       * Count of rows affected by the last query.
 106       *
 107       * @since 0.71
 108       *
 109       * @var int
 110       */
 111      public $rows_affected = 0;
 112  
 113      /**
 114       * The ID generated for an AUTO_INCREMENT column by the last query (usually INSERT).
 115       *
 116       * @since 0.71
 117       *
 118       * @var int
 119       */
 120      public $insert_id = 0;
 121  
 122      /**
 123       * The last query made.
 124       *
 125       * @since 0.71
 126       *
 127       * @var string
 128       */
 129      public $last_query;
 130  
 131      /**
 132       * Results of the last query.
 133       *
 134       * @since 0.71
 135       *
 136       * @var stdClass[]|null
 137       */
 138      public $last_result;
 139  
 140      /**
 141       * Database query result.
 142       *
 143       * Possible values:
 144       *
 145       * - `mysqli_result` instance for successful SELECT, SHOW, DESCRIBE, or EXPLAIN queries
 146       * - `true` for other query types that were successful
 147       * - `null` if a query is yet to be made or if the result has since been flushed
 148       * - `false` if the query returned an error
 149       *
 150       * @since 0.71
 151       *
 152       * @var mysqli_result|bool|null
 153       */
 154      protected $result;
 155  
 156      /**
 157       * Cached column info, for confidence checking data before inserting.
 158       *
 159       * @since 4.2.0
 160       *
 161       * @var array
 162       */
 163      protected $col_meta = array();
 164  
 165      /**
 166       * Calculated character sets keyed by table name.
 167       *
 168       * @since 4.2.0
 169       *
 170       * @var string[]
 171       */
 172      protected $table_charset = array();
 173  
 174      /**
 175       * Whether text fields in the current query need to be confidence checked.
 176       *
 177       * @since 4.2.0
 178       *
 179       * @var bool
 180       */
 181      protected $check_current_query = true;
 182  
 183      /**
 184       * Flag to ensure we don't run into recursion problems when checking the collation.
 185       *
 186       * @since 4.2.0
 187       *
 188       * @see wpdb::check_safe_collation()
 189       * @var bool
 190       */
 191      private $checking_collation = false;
 192  
 193      /**
 194       * Saved info on the table column.
 195       *
 196       * @since 0.71
 197       *
 198       * @var array
 199       */
 200      protected $col_info;
 201  
 202      /**
 203       * Log of queries that were executed, for debugging purposes.
 204       *
 205       * @since 1.5.0
 206       * @since 2.5.0 The third element in each query log was added to record the calling functions.
 207       * @since 5.1.0 The fourth element in each query log was added to record the start time.
 208       * @since 5.3.0 The fifth element in each query log was added to record custom data.
 209       *
 210       * @var array[] {
 211       *     Array of arrays containing information about queries that were executed.
 212       *
 213       *     @type array ...$0 {
 214       *         Data for each query.
 215       *
 216       *         @type string $0 The query's SQL.
 217       *         @type float  $1 Total time spent on the query, in seconds.
 218       *         @type string $2 Comma-separated list of the calling functions.
 219       *         @type float  $3 Unix timestamp of the time at the start of the query.
 220       *         @type array  $4 Custom query data.
 221       *     }
 222       * }
 223       */
 224      public $queries;
 225  
 226      /**
 227       * The number of times to retry reconnecting before dying. Default 5.
 228       *
 229       * @since 3.9.0
 230       *
 231       * @see wpdb::check_connection()
 232       * @var int
 233       */
 234      protected $reconnect_retries = 5;
 235  
 236      /**
 237       * WordPress table prefix.
 238       *
 239       * You can set this to have multiple WordPress installations in a single database.
 240       * The second reason is for possible security precautions.
 241       *
 242       * @since 2.5.0
 243       *
 244       * @var string
 245       */
 246      public $prefix = '';
 247  
 248      /**
 249       * WordPress base table prefix.
 250       *
 251       * @since 3.0.0
 252       *
 253       * @var string
 254       */
 255      public $base_prefix;
 256  
 257      /**
 258       * Whether the database queries are ready to start executing.
 259       *
 260       * @since 2.3.2
 261       *
 262       * @var bool
 263       */
 264      public $ready = false;
 265  
 266      /**
 267       * Blog ID.
 268       *
 269       * @since 3.0.0
 270       *
 271       * @var int
 272       */
 273      public $blogid = 0;
 274  
 275      /**
 276       * Site ID.
 277       *
 278       * @since 3.0.0
 279       *
 280       * @var int
 281       */
 282      public $siteid = 0;
 283  
 284      /**
 285       * List of WordPress per-site tables.
 286       *
 287       * @since 2.5.0
 288       *
 289       * @see wpdb::tables()
 290       * @var string[]
 291       */
 292      public $tables = array(
 293          'posts',
 294          'comments',
 295          'links',
 296          'options',
 297          'postmeta',
 298          'terms',
 299          'term_taxonomy',
 300          'term_relationships',
 301          'termmeta',
 302          'commentmeta',
 303      );
 304  
 305      /**
 306       * List of deprecated WordPress tables.
 307       *
 308       * 'categories', 'post2cat', and 'link2cat' were deprecated in 2.3.0, db version 5539.
 309       *
 310       * @since 2.9.0
 311       *
 312       * @see wpdb::tables()
 313       * @var string[]
 314       */
 315      public $old_tables = array( 'categories', 'post2cat', 'link2cat' );
 316  
 317      /**
 318       * List of WordPress global tables.
 319       *
 320       * @since 3.0.0
 321       *
 322       * @see wpdb::tables()
 323       * @var string[]
 324       */
 325      public $global_tables = array( 'users', 'usermeta' );
 326  
 327      /**
 328       * List of Multisite global tables.
 329       *
 330       * @since 3.0.0
 331       *
 332       * @see wpdb::tables()
 333       * @var string[]
 334       */
 335      public $ms_global_tables = array(
 336          'blogs',
 337          'blogmeta',
 338          'signups',
 339          'site',
 340          'sitemeta',
 341          'registration_log',
 342      );
 343  
 344      /**
 345       * List of deprecated WordPress Multisite global tables.
 346       *
 347       * @since 6.1.0
 348       *
 349       * @see wpdb::tables()
 350       * @var string[]
 351       */
 352      public $old_ms_global_tables = array( 'sitecategories' );
 353  
 354      /**
 355       * WordPress Comments table.
 356       *
 357       * @since 1.5.0
 358       *
 359       * @var string
 360       */
 361      public $comments;
 362  
 363      /**
 364       * WordPress Comment Metadata table.
 365       *
 366       * @since 2.9.0
 367       *
 368       * @var string
 369       */
 370      public $commentmeta;
 371  
 372      /**
 373       * WordPress Links table.
 374       *
 375       * @since 1.5.0
 376       *
 377       * @var string
 378       */
 379      public $links;
 380  
 381      /**
 382       * WordPress Options table.
 383       *
 384       * @since 1.5.0
 385       *
 386       * @var string
 387       */
 388      public $options;
 389  
 390      /**
 391       * WordPress Post Metadata table.
 392       *
 393       * @since 1.5.0
 394       *
 395       * @var string
 396       */
 397      public $postmeta;
 398  
 399      /**
 400       * WordPress Posts table.
 401       *
 402       * @since 1.5.0
 403       *
 404       * @var string
 405       */
 406      public $posts;
 407  
 408      /**
 409       * WordPress Terms table.
 410       *
 411       * @since 2.3.0
 412       *
 413       * @var string
 414       */
 415      public $terms;
 416  
 417      /**
 418       * WordPress Term Relationships table.
 419       *
 420       * @since 2.3.0
 421       *
 422       * @var string
 423       */
 424      public $term_relationships;
 425  
 426      /**
 427       * WordPress Term Taxonomy table.
 428       *
 429       * @since 2.3.0
 430       *
 431       * @var string
 432       */
 433      public $term_taxonomy;
 434  
 435      /**
 436       * WordPress Term Meta table.
 437       *
 438       * @since 4.4.0
 439       *
 440       * @var string
 441       */
 442      public $termmeta;
 443  
 444      //
 445      // Global and Multisite tables
 446      //
 447  
 448      /**
 449       * WordPress User Metadata table.
 450       *
 451       * @since 2.3.0
 452       *
 453       * @var string
 454       */
 455      public $usermeta;
 456  
 457      /**
 458       * WordPress Users table.
 459       *
 460       * @since 1.5.0
 461       *
 462       * @var string
 463       */
 464      public $users;
 465  
 466      /**
 467       * Multisite Blogs table.
 468       *
 469       * @since 3.0.0
 470       *
 471       * @var string
 472       */
 473      public $blogs;
 474  
 475      /**
 476       * Multisite Blog Metadata table.
 477       *
 478       * @since 5.1.0
 479       *
 480       * @var string
 481       */
 482      public $blogmeta;
 483  
 484      /**
 485       * Multisite Registration Log table.
 486       *
 487       * @since 3.0.0
 488       *
 489       * @var string
 490       */
 491      public $registration_log;
 492  
 493      /**
 494       * Multisite Signups table.
 495       *
 496       * @since 3.0.0
 497       *
 498       * @var string
 499       */
 500      public $signups;
 501  
 502      /**
 503       * Multisite Sites table.
 504       *
 505       * @since 3.0.0
 506       *
 507       * @var string
 508       */
 509      public $site;
 510  
 511      /**
 512       * Multisite Sitewide Terms table.
 513       *
 514       * @since 3.0.0
 515       *
 516       * @var string
 517       */
 518      public $sitecategories;
 519  
 520      /**
 521       * Multisite Site Metadata table.
 522       *
 523       * @since 3.0.0
 524       *
 525       * @var string
 526       */
 527      public $sitemeta;
 528  
 529      /**
 530       * Format specifiers for DB columns.
 531       *
 532       * Columns not listed here default to %s. Initialized during WP load.
 533       * Keys are column names, values are format types: 'ID' => '%d'.
 534       *
 535       * @since 2.8.0
 536       *
 537       * @see wpdb::prepare()
 538       * @see wpdb::insert()
 539       * @see wpdb::update()
 540       * @see wpdb::delete()
 541       * @see wp_set_wpdb_vars()
 542       * @var array
 543       */
 544      public $field_types = array();
 545  
 546      /**
 547       * Database table columns charset.
 548       *
 549       * @since 2.2.0
 550       *
 551       * @var string
 552       */
 553      public $charset;
 554  
 555      /**
 556       * Database table columns collate.
 557       *
 558       * @since 2.2.0
 559       *
 560       * @var string
 561       */
 562      public $collate;
 563  
 564      /**
 565       * Database Username.
 566       *
 567       * @since 2.9.0
 568       *
 569       * @var string
 570       */
 571      protected $dbuser;
 572  
 573      /**
 574       * Database Password.
 575       *
 576       * @since 3.1.0
 577       *
 578       * @var string
 579       */
 580      protected $dbpassword;
 581  
 582      /**
 583       * Database Name.
 584       *
 585       * @since 3.1.0
 586       *
 587       * @var string
 588       */
 589      protected $dbname;
 590  
 591      /**
 592       * Database Host.
 593       *
 594       * @since 3.1.0
 595       *
 596       * @var string
 597       */
 598      protected $dbhost;
 599  
 600      /**
 601       * Database handle.
 602       *
 603       * Possible values:
 604       *
 605       * - `mysqli` instance during normal operation
 606       * - `null` if the connection is yet to be made or has been closed
 607       * - `false` if the connection has failed
 608       *
 609       * @since 0.71
 610       *
 611       * @var mysqli|false|null
 612       */
 613      protected $dbh;
 614  
 615      /**
 616       * A textual description of the last query/get_row/get_var call.
 617       *
 618       * @since 3.0.0
 619       *
 620       * @var string
 621       */
 622      public $func_call;
 623  
 624      /**
 625       * Whether MySQL is used as the database engine.
 626       *
 627       * Set in wpdb::db_connect() to true, by default. This is used when checking
 628       * against the required MySQL version for WordPress. Normally, a replacement
 629       * database drop-in (db.php) will skip these checks, but setting this to true
 630       * will force the checks to occur.
 631       *
 632       * @since 3.3.0
 633       *
 634       * @var bool
 635       */
 636      public $is_mysql = null;
 637  
 638      /**
 639       * A list of incompatible SQL modes.
 640       *
 641       * @since 3.9.0
 642       *
 643       * @var string[]
 644       */
 645      protected $incompatible_modes = array(
 646          'NO_ZERO_DATE',
 647          'ONLY_FULL_GROUP_BY',
 648          'STRICT_TRANS_TABLES',
 649          'STRICT_ALL_TABLES',
 650          'TRADITIONAL',
 651          'ANSI',
 652      );
 653  
 654      /**
 655       * Backward compatibility, where wpdb::prepare() has not quoted formatted/argnum placeholders.
 656       *
 657       * This is often used for table/field names (before %i was supported), and sometimes string formatting, e.g.
 658       *
 659       *     $wpdb->prepare( 'WHERE `%1$s` = "%2$s something %3$s" OR %1$s = "%4$-10s"', 'field_1', 'a', 'b', 'c' );
 660       *
 661       * But it's risky, e.g. forgetting to add quotes, resulting in SQL Injection vulnerabilities:
 662       *
 663       *     $wpdb->prepare( 'WHERE (id = %1s) OR (id = %2$s)', $_GET['id'], $_GET['id'] ); // ?id=id
 664       *
 665       * This feature is preserved while plugin authors update their code to use safer approaches:
 666       *
 667       *     $_GET['key'] = 'a`b';
 668       *
 669       *     $wpdb->prepare( 'WHERE %1s = %s',        $_GET['key'], $_GET['value'] ); // WHERE a`b = 'value'
 670       *     $wpdb->prepare( 'WHERE `%1$s` = "%2$s"', $_GET['key'], $_GET['value'] ); // WHERE `a`b` = "value"
 671       *
 672       *     $wpdb->prepare( 'WHERE %i = %s',         $_GET['key'], $_GET['value'] ); // WHERE `a``b` = 'value'
 673       *
 674       * While changing to false will be fine for queries not using formatted/argnum placeholders,
 675       * any remaining cases are most likely going to result in SQL errors (good, in a way):
 676       *
 677       *     $wpdb->prepare( 'WHERE %1$s = "%2$-10s"', 'my_field', 'my_value' );
 678       *     true  = WHERE my_field = "my_value  "
 679       *     false = WHERE 'my_field' = "'my_value  '"
 680       *
 681       * But there may be some queries that result in an SQL Injection vulnerability:
 682       *
 683       *     $wpdb->prepare( 'WHERE id = %1$s', $_GET['id'] ); // ?id=id
 684       *
 685       * So there may need to be a `_doing_it_wrong()` phase, after we know everyone can use
 686       * identifier placeholders (%i), but before this feature is disabled or removed.
 687       *
 688       * @since 6.2.0
 689       * @var bool
 690       */
 691      private $allow_unsafe_unquoted_parameters = true;
 692  
 693      /**
 694       * Whether to use the mysqli extension over mysql. This is no longer used as the mysql
 695       * extension is no longer supported.
 696       *
 697       * Default true.
 698       *
 699       * @since 3.9.0
 700       * @since 6.4.0 This property was removed.
 701       * @since 6.4.1 This property was reinstated and its default value was changed to true.
 702       *              The property is no longer used in core but may be accessed externally.
 703       *
 704       * @var bool
 705       */
 706      private $use_mysqli = true;
 707  
 708      /**
 709       * Whether we've managed to successfully connect at some point.
 710       *
 711       * @since 3.9.0
 712       *
 713       * @var bool
 714       */
 715      private $has_connected = false;
 716  
 717      /**
 718       * Time when the last query was performed.
 719       *
 720       * Only set when `SAVEQUERIES` is defined and truthy.
 721       *
 722       * @since 1.5.0
 723       *
 724       * @var float
 725       */
 726      public $time_start = null;
 727  
 728      /**
 729       * The last SQL error that was encountered.
 730       *
 731       * @since 2.5.0
 732       *
 733       * @var WP_Error|string
 734       */
 735      public $error = null;
 736  
 737      /**
 738       * Connects to the database server and selects a database.
 739       *
 740       * Does the actual setting up
 741       * of the class properties and connection to the database.
 742       *
 743       * @since 2.0.8
 744       *
 745       * @link https://core.trac.wordpress.org/ticket/3354
 746       *
 747       * @param string $dbuser     Database user.
 748       * @param string $dbpassword Database password.
 749       * @param string $dbname     Database name.
 750       * @param string $dbhost     Database host.
 751       */
 752  	public function __construct( $dbuser, $dbpassword, $dbname, $dbhost ) {
 753          if ( WP_DEBUG && WP_DEBUG_DISPLAY ) {
 754              $this->show_errors();
 755          }
 756  
 757          $this->dbuser     = $dbuser;
 758          $this->dbpassword = $dbpassword;
 759          $this->dbname     = $dbname;
 760          $this->dbhost     = $dbhost;
 761  
 762          // wp-config.php creation will manually connect when ready.
 763          if ( defined( 'WP_SETUP_CONFIG' ) ) {
 764              return;
 765          }
 766  
 767          $this->db_connect();
 768      }
 769  
 770      /**
 771       * Makes private properties readable for backward compatibility.
 772       *
 773       * @since 3.5.0
 774       *
 775       * @param string $name The private member to get, and optionally process.
 776       * @return mixed The private member.
 777       */
 778  	public function __get( $name ) {
 779          if ( 'col_info' === $name ) {
 780              $this->load_col_info();
 781          }
 782  
 783          return $this->$name;
 784      }
 785  
 786      /**
 787       * Makes private properties settable for backward compatibility.
 788       *
 789       * @since 3.5.0
 790       *
 791       * @param string $name  The private member to set.
 792       * @param mixed  $value The value to set.
 793       */
 794  	public function __set( $name, $value ) {
 795          $protected_members = array(
 796              'col_meta',
 797              'table_charset',
 798              'check_current_query',
 799              'allow_unsafe_unquoted_parameters',
 800          );
 801          if ( in_array( $name, $protected_members, true ) ) {
 802              return;
 803          }
 804          $this->$name = $value;
 805      }
 806  
 807      /**
 808       * Makes private properties check-able for backward compatibility.
 809       *
 810       * @since 3.5.0
 811       *
 812       * @param string $name The private member to check.
 813       * @return bool If the member is set or not.
 814       */
 815  	public function __isset( $name ) {
 816          return isset( $this->$name );
 817      }
 818  
 819      /**
 820       * Makes private properties un-settable for backward compatibility.
 821       *
 822       * @since 3.5.0
 823       *
 824       * @param string $name  The private member to unset
 825       */
 826  	public function __unset( $name ) {
 827          unset( $this->$name );
 828      }
 829  
 830      /**
 831       * Sets $this->charset and $this->collate.
 832       *
 833       * @since 3.1.0
 834       */
 835  	public function init_charset() {
 836          $charset = '';
 837          $collate = '';
 838  
 839          if ( function_exists( 'is_multisite' ) && is_multisite() ) {
 840              $charset = 'utf8';
 841              if ( defined( 'DB_COLLATE' ) && DB_COLLATE ) {
 842                  $collate = DB_COLLATE;
 843              } else {
 844                  $collate = 'utf8_general_ci';
 845              }
 846          } elseif ( defined( 'DB_COLLATE' ) ) {
 847              $collate = DB_COLLATE;
 848          }
 849  
 850          if ( defined( 'DB_CHARSET' ) ) {
 851              $charset = DB_CHARSET;
 852          }
 853  
 854          $charset_collate = $this->determine_charset( $charset, $collate );
 855  
 856          $this->charset = $charset_collate['charset'];
 857          $this->collate = $charset_collate['collate'];
 858      }
 859  
 860      /**
 861       * Determines the best charset and collation to use given a charset and collation.
 862       *
 863       * For example, when able, utf8mb4 should be used instead of utf8.
 864       *
 865       * @since 4.6.0
 866       *
 867       * @param string $charset The character set to check.
 868       * @param string $collate The collation to check.
 869       * @return array {
 870       *     The most appropriate character set and collation to use.
 871       *
 872       *     @type string $charset Character set.
 873       *     @type string $collate Collation.
 874       * }
 875       */
 876  	public function determine_charset( $charset, $collate ) {
 877          if ( ( ! ( $this->dbh instanceof mysqli ) ) || empty( $this->dbh ) ) {
 878              return compact( 'charset', 'collate' );
 879          }
 880  
 881          if ( 'utf8' === $charset ) {
 882              $charset = 'utf8mb4';
 883          }
 884  
 885          if ( 'utf8mb4' === $charset ) {
 886              // _general_ is outdated, so we can upgrade it to _unicode_, instead.
 887              if ( ! $collate || 'utf8_general_ci' === $collate ) {
 888                  $collate = 'utf8mb4_unicode_ci';
 889              } else {
 890                  $collate = str_replace( 'utf8_', 'utf8mb4_', $collate );
 891              }
 892          }
 893  
 894          // _unicode_520_ is a better collation, we should use that when it's available.
 895          if ( $this->has_cap( 'utf8mb4_520' ) && 'utf8mb4_unicode_ci' === $collate ) {
 896              $collate = 'utf8mb4_unicode_520_ci';
 897          }
 898  
 899          return compact( 'charset', 'collate' );
 900      }
 901  
 902      /**
 903       * Sets the connection's character set.
 904       *
 905       * @since 3.1.0
 906       *
 907       * @param mysqli $dbh     The connection returned by `mysqli_connect()`.
 908       * @param string $charset Optional. The character set. Default null.
 909       * @param string $collate Optional. The collation. Default null.
 910       */
 911  	public function set_charset( $dbh, $charset = null, $collate = null ) {
 912          if ( ! isset( $charset ) ) {
 913              $charset = $this->charset;
 914          }
 915          if ( ! isset( $collate ) ) {
 916              $collate = $this->collate;
 917          }
 918          if ( $this->has_cap( 'collation' ) && ! empty( $charset ) ) {
 919              $set_charset_succeeded = true;
 920  
 921              if ( function_exists( 'mysqli_set_charset' ) && $this->has_cap( 'set_charset' ) ) {
 922                  $set_charset_succeeded = mysqli_set_charset( $dbh, $charset );
 923              }
 924  
 925              if ( $set_charset_succeeded ) {
 926                  $query = $this->prepare( 'SET NAMES %s', $charset );
 927                  if ( ! empty( $collate ) ) {
 928                      $query .= $this->prepare( ' COLLATE %s', $collate );
 929                  }
 930                  mysqli_query( $dbh, $query );
 931              }
 932          }
 933      }
 934  
 935      /**
 936       * Changes the current SQL mode, and ensures its WordPress compatibility.
 937       *
 938       * If no modes are passed, it will ensure the current MySQL server modes are compatible.
 939       *
 940       * @since 3.9.0
 941       *
 942       * @param array $modes Optional. A list of SQL modes to set. Default empty array.
 943       */
 944  	public function set_sql_mode( $modes = array() ) {
 945          if ( empty( $modes ) ) {
 946              $res = mysqli_query( $this->dbh, 'SELECT @@SESSION.sql_mode' );
 947  
 948              if ( empty( $res ) ) {
 949                  return;
 950              }
 951  
 952              $modes_array = mysqli_fetch_array( $res );
 953  
 954              if ( empty( $modes_array[0] ) ) {
 955                  return;
 956              }
 957  
 958              $modes_str = $modes_array[0];
 959  
 960              if ( empty( $modes_str ) ) {
 961                  return;
 962              }
 963  
 964              $modes = explode( ',', $modes_str );
 965          }
 966  
 967          $modes = array_change_key_case( $modes, CASE_UPPER );
 968  
 969          /**
 970           * Filters the list of incompatible SQL modes to exclude.
 971           *
 972           * @since 3.9.0
 973           *
 974           * @param array $incompatible_modes An array of incompatible modes.
 975           */
 976          $incompatible_modes = (array) apply_filters( 'incompatible_sql_modes', $this->incompatible_modes );
 977  
 978          foreach ( $modes as $i => $mode ) {
 979              if ( in_array( $mode, $incompatible_modes, true ) ) {
 980                  unset( $modes[ $i ] );
 981              }
 982          }
 983  
 984          $modes_str = implode( ',', $modes );
 985  
 986          mysqli_query( $this->dbh, "SET SESSION sql_mode='$modes_str'" );
 987      }
 988  
 989      /**
 990       * Sets the table prefix for the WordPress tables.
 991       *
 992       * @since 2.5.0
 993       *
 994       * @param string $prefix          Alphanumeric name for the new prefix.
 995       * @param bool   $set_table_names Optional. Whether the table names, e.g. wpdb::$posts,
 996       *                                should be updated or not. Default true.
 997       * @return string|WP_Error Old prefix or WP_Error on error.
 998       */
 999  	public function set_prefix( $prefix, $set_table_names = true ) {
1000  
1001          if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) {
1002              return new WP_Error( 'invalid_db_prefix', 'Invalid database prefix' );
1003          }
1004  
1005          $old_prefix = is_multisite() ? '' : $prefix;
1006  
1007          if ( isset( $this->base_prefix ) ) {
1008              $old_prefix = $this->base_prefix;
1009          }
1010  
1011          $this->base_prefix = $prefix;
1012  
1013          if ( $set_table_names ) {
1014              foreach ( $this->tables( 'global' ) as $table => $prefixed_table ) {
1015                  $this->$table = $prefixed_table;
1016              }
1017  
1018              if ( is_multisite() && empty( $this->blogid ) ) {
1019                  return $old_prefix;
1020              }
1021  
1022              $this->prefix = $this->get_blog_prefix();
1023  
1024              foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) {
1025                  $this->$table = $prefixed_table;
1026              }
1027  
1028              foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) {
1029                  $this->$table = $prefixed_table;
1030              }
1031          }
1032          return $old_prefix;
1033      }
1034  
1035      /**
1036       * Sets blog ID.
1037       *
1038       * @since 3.0.0
1039       *
1040       * @param int $blog_id
1041       * @param int $network_id Optional. Network ID. Default 0.
1042       * @return int Previous blog ID.
1043       */
1044  	public function set_blog_id( $blog_id, $network_id = 0 ) {
1045          if ( ! empty( $network_id ) ) {
1046              $this->siteid = $network_id;
1047          }
1048  
1049          $old_blog_id  = $this->blogid;
1050          $this->blogid = $blog_id;
1051  
1052          $this->prefix = $this->get_blog_prefix();
1053  
1054          foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) {
1055              $this->$table = $prefixed_table;
1056          }
1057  
1058          foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) {
1059              $this->$table = $prefixed_table;
1060          }
1061  
1062          return $old_blog_id;
1063      }
1064  
1065      /**
1066       * Gets blog prefix.
1067       *
1068       * @since 3.0.0
1069       *
1070       * @param int $blog_id Optional. Blog ID to retrieve the table prefix for.
1071       *                     Defaults to the current blog ID.
1072       * @return string Blog prefix.
1073       */
1074  	public function get_blog_prefix( $blog_id = null ) {
1075          if ( is_multisite() ) {
1076              if ( null === $blog_id ) {
1077                  $blog_id = $this->blogid;
1078              }
1079  
1080              $blog_id = (int) $blog_id;
1081  
1082              if ( defined( 'MULTISITE' ) && ( 0 === $blog_id || 1 === $blog_id ) ) {
1083                  return $this->base_prefix;
1084              } else {
1085                  return $this->base_prefix . $blog_id . '_';
1086              }
1087          } else {
1088              return $this->base_prefix;
1089          }
1090      }
1091  
1092      /**
1093       * Returns an array of WordPress tables.
1094       *
1095       * Also allows for the `CUSTOM_USER_TABLE` and `CUSTOM_USER_META_TABLE` to override the WordPress users
1096       * and usermeta tables that would otherwise be determined by the prefix.
1097       *
1098       * The `$scope` argument can take one of the following:
1099       *
1100       * - 'all' - returns 'all' and 'global' tables. No old tables are returned.
1101       * - 'blog' - returns the blog-level tables for the queried blog.
1102       * - 'global' - returns the global tables for the installation, returning multisite tables only on multisite.
1103       * - 'ms_global' - returns the multisite global tables, regardless if current installation is multisite.
1104       * - 'old' - returns tables which are deprecated.
1105       *
1106       * @since 3.0.0
1107       * @since 6.1.0 `old` now includes deprecated multisite global tables only on multisite.
1108       *
1109       * @uses wpdb::$tables
1110       * @uses wpdb::$old_tables
1111       * @uses wpdb::$global_tables
1112       * @uses wpdb::$ms_global_tables
1113       * @uses wpdb::$old_ms_global_tables
1114       *
1115       * @param string $scope   Optional. Possible values include 'all', 'global', 'ms_global', 'blog',
1116       *                        or 'old' tables. Default 'all'.
1117       * @param bool   $prefix  Optional. Whether to include table prefixes. If blog prefix is requested,
1118       *                        then the custom users and usermeta tables will be mapped. Default true.
1119       * @param int    $blog_id Optional. The blog_id to prefix. Used only when prefix is requested.
1120       *                        Defaults to `wpdb::$blogid`.
1121       * @return string[] Table names. When a prefix is requested, the key is the unprefixed table name.
1122       */
1123  	public function tables( $scope = 'all', $prefix = true, $blog_id = 0 ) {
1124          switch ( $scope ) {
1125              case 'all':
1126                  $tables = array_merge( $this->global_tables, $this->tables );
1127                  if ( is_multisite() ) {
1128                      $tables = array_merge( $tables, $this->ms_global_tables );
1129                  }
1130                  break;
1131              case 'blog':
1132                  $tables = $this->tables;
1133                  break;
1134              case 'global':
1135                  $tables = $this->global_tables;
1136                  if ( is_multisite() ) {
1137                      $tables = array_merge( $tables, $this->ms_global_tables );
1138                  }
1139                  break;
1140              case 'ms_global':
1141                  $tables = $this->ms_global_tables;
1142                  break;
1143              case 'old':
1144                  $tables = $this->old_tables;
1145                  if ( is_multisite() ) {
1146                      $tables = array_merge( $tables, $this->old_ms_global_tables );
1147                  }
1148                  break;
1149              default:
1150                  return array();
1151          }
1152  
1153          if ( $prefix ) {
1154              if ( ! $blog_id ) {
1155                  $blog_id = $this->blogid;
1156              }
1157              $blog_prefix   = $this->get_blog_prefix( $blog_id );
1158              $base_prefix   = $this->base_prefix;
1159              $global_tables = array_merge( $this->global_tables, $this->ms_global_tables );
1160              foreach ( $tables as $k => $table ) {
1161                  if ( in_array( $table, $global_tables, true ) ) {
1162                      $tables[ $table ] = $base_prefix . $table;
1163                  } else {
1164                      $tables[ $table ] = $blog_prefix . $table;
1165                  }
1166                  unset( $tables[ $k ] );
1167              }
1168  
1169              if ( isset( $tables['users'] ) && defined( 'CUSTOM_USER_TABLE' ) ) {
1170                  $tables['users'] = CUSTOM_USER_TABLE;
1171              }
1172  
1173              if ( isset( $tables['usermeta'] ) && defined( 'CUSTOM_USER_META_TABLE' ) ) {
1174                  $tables['usermeta'] = CUSTOM_USER_META_TABLE;
1175              }
1176          }
1177  
1178          return $tables;
1179      }
1180  
1181      /**
1182       * Selects a database using the current or provided database connection.
1183       *
1184       * The database name will be changed based on the current database connection.
1185       * On failure, the execution will bail and display a DB error.
1186       *
1187       * @since 0.71
1188       *
1189       * @param string $db  Database name.
1190       * @param mysqli $dbh Optional. Database connection.
1191       *                    Defaults to the current database handle.
1192       */
1193  	public function select( $db, $dbh = null ) {
1194          if ( is_null( $dbh ) ) {
1195              $dbh = $this->dbh;
1196          }
1197  
1198          $success = mysqli_select_db( $dbh, $db );
1199  
1200          if ( ! $success ) {
1201              $this->ready = false;
1202              if ( ! did_action( 'template_redirect' ) ) {
1203                  wp_load_translations_early();
1204  
1205                  $message = '<h1>' . __( 'Cannot select database' ) . "</h1>\n";
1206  
1207                  $message .= '<p>' . sprintf(
1208                      /* translators: %s: Database name. */
1209                      __( 'The database server could be connected to (which means your username and password is okay) but the %s database could not be selected.' ),
1210                      '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>'
1211                  ) . "</p>\n";
1212  
1213                  $message .= "<ul>\n";
1214                  $message .= '<li>' . __( 'Are you sure it exists?' ) . "</li>\n";
1215  
1216                  $message .= '<li>' . sprintf(
1217                      /* translators: 1: Database user, 2: Database name. */
1218                      __( 'Does the user %1$s have permission to use the %2$s database?' ),
1219                      '<code>' . htmlspecialchars( $this->dbuser, ENT_QUOTES ) . '</code>',
1220                      '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>'
1221                  ) . "</li>\n";
1222  
1223                  $message .= '<li>' . sprintf(
1224                      /* translators: %s: Database name. */
1225                      __( 'On some systems the name of your database is prefixed with your username, so it would be like <code>username_%1$s</code>. Could that be the problem?' ),
1226                      htmlspecialchars( $db, ENT_QUOTES )
1227                  ) . "</li>\n";
1228  
1229                  $message .= "</ul>\n";
1230  
1231                  $message .= '<p>' . sprintf(
1232                      /* translators: %s: Support forums URL. */
1233                      __( 'If you do not know how to set up a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href="%s">WordPress support forums</a>.' ),
1234                      __( 'https://wordpress.org/support/forums/' )
1235                  ) . "</p>\n";
1236  
1237                  $this->bail( $message, 'db_select_fail' );
1238              }
1239          }
1240      }
1241  
1242      /**
1243       * Do not use, deprecated.
1244       *
1245       * Use esc_sql() or wpdb::prepare() instead.
1246       *
1247       * @since 2.8.0
1248       * @deprecated 3.6.0 Use wpdb::prepare()
1249       * @see wpdb::prepare()
1250       * @see esc_sql()
1251       *
1252       * @param string $data
1253       * @return string
1254       */
1255  	public function _weak_escape( $data ) {
1256          if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) {
1257              _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' );
1258          }
1259          return addslashes( $data );
1260      }
1261  
1262      /**
1263       * Real escape using mysqli_real_escape_string().
1264       *
1265       * @since 2.8.0
1266       *
1267       * @see mysqli_real_escape_string()
1268       *
1269       * @param string $data String to escape.
1270       * @return string Escaped string.
1271       */
1272  	public function _real_escape( $data ) {
1273          if ( ! is_scalar( $data ) ) {
1274              return '';
1275          }
1276  
1277          if ( $this->dbh ) {
1278              $escaped = mysqli_real_escape_string( $this->dbh, $data );
1279          } else {
1280              $class = get_class( $this );
1281  
1282              wp_load_translations_early();
1283              /* translators: %s: Database access abstraction class, usually wpdb or a class extending wpdb. */
1284              _doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' );
1285  
1286              $escaped = addslashes( $data );
1287          }
1288  
1289          return $this->add_placeholder_escape( $escaped );
1290      }
1291  
1292      /**
1293       * Escapes data. Works on arrays.
1294       *
1295       * @since 2.8.0
1296       *
1297       * @uses wpdb::_real_escape()
1298       *
1299       * @param string|array $data Data to escape.
1300       * @return string|array Escaped data, in the same type as supplied.
1301       */
1302  	public function _escape( $data ) {
1303          if ( is_array( $data ) ) {
1304              foreach ( $data as $k => $v ) {
1305                  if ( is_array( $v ) ) {
1306                      $data[ $k ] = $this->_escape( $v );
1307                  } else {
1308                      $data[ $k ] = $this->_real_escape( $v );
1309                  }
1310              }
1311          } else {
1312              $data = $this->_real_escape( $data );
1313          }
1314  
1315          return $data;
1316      }
1317  
1318      /**
1319       * Do not use, deprecated.
1320       *
1321       * Use esc_sql() or wpdb::prepare() instead.
1322       *
1323       * @since 0.71
1324       * @deprecated 3.6.0 Use wpdb::prepare()
1325       * @see wpdb::prepare()
1326       * @see esc_sql()
1327       *
1328       * @param string|array $data Data to escape.
1329       * @return string|array Escaped data, in the same type as supplied.
1330       */
1331  	public function escape( $data ) {
1332          if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) {
1333              _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' );
1334          }
1335          if ( is_array( $data ) ) {
1336              foreach ( $data as $k => $v ) {
1337                  if ( is_array( $v ) ) {
1338                      $data[ $k ] = $this->escape( $v, 'recursive' );
1339                  } else {
1340                      $data[ $k ] = $this->_weak_escape( $v, 'internal' );
1341                  }
1342              }
1343          } else {
1344              $data = $this->_weak_escape( $data, 'internal' );
1345          }
1346  
1347          return $data;
1348      }
1349  
1350      /**
1351       * Escapes content by reference for insertion into the database, for security.
1352       *
1353       * @uses wpdb::_real_escape()
1354       *
1355       * @since 2.3.0
1356       *
1357       * @param string $data String to escape.
1358       */
1359  	public function escape_by_ref( &$data ) {
1360          if ( ! is_float( $data ) ) {
1361              $data = $this->_real_escape( $data );
1362          }
1363      }
1364  
1365      /**
1366       * Quotes an identifier for a MySQL database, e.g. table/field names.
1367       *
1368       * @since 6.2.0
1369       *
1370       * @param string $identifier Identifier to escape.
1371       * @return string Escaped identifier.
1372       */
1373  	public function quote_identifier( $identifier ) {
1374          return '`' . $this->_escape_identifier_value( $identifier ) . '`';
1375      }
1376  
1377      /**
1378       * Escapes an identifier value without adding the surrounding quotes.
1379       *
1380       * - Permitted characters in quoted identifiers include the full Unicode
1381       *   Basic Multilingual Plane (BMP), except U+0000.
1382       * - To quote the identifier itself, you need to double the character, e.g. `a``b`.
1383       *
1384       * @since 6.2.0
1385       *
1386       * @link https://dev.mysql.com/doc/refman/8.0/en/identifiers.html
1387       *
1388       * @param string $identifier Identifier to escape.
1389       * @return string Escaped identifier.
1390       */
1391  	private function _escape_identifier_value( $identifier ) {
1392          return str_replace( '`', '``', $identifier );
1393      }
1394  
1395      /**
1396       * Prepares a SQL query for safe execution.
1397       *
1398       * Uses `sprintf()`-like syntax. The following placeholders can be used in the query string:
1399       *
1400       * - `%d` (integer)
1401       * - `%f` (float)
1402       * - `%s` (string)
1403       * - `%i` (identifier, e.g. table/field names)
1404       *
1405       * All placeholders MUST be left unquoted in the query string. A corresponding argument
1406       * MUST be passed for each placeholder.
1407       *
1408       * Note: There is one exception to the above: for compatibility with old behavior,
1409       * numbered or formatted string placeholders (eg, `%1$s`, `%5s`) will not have quotes
1410       * added by this function, so should be passed with appropriate quotes around them.
1411       *
1412       * Literal percentage signs (`%`) in the query string must be written as `%%`. Percentage wildcards
1413       * (for example, to use in LIKE syntax) must be passed via a substitution argument containing
1414       * the complete LIKE string, these cannot be inserted directly in the query string.
1415       * Also see wpdb::esc_like().
1416       *
1417       * Arguments may be passed as individual arguments to the method, or as a single array
1418       * containing all arguments. A combination of the two is not supported.
1419       *
1420       * Examples:
1421       *
1422       *     $wpdb->prepare(
1423       *         "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s",
1424       *         array( 'foo', 1337, '%bar' )
1425       *     );
1426       *
1427       *     $wpdb->prepare(
1428       *         "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s",
1429       *         'foo'
1430       *     );
1431       *
1432       * @since 2.3.0
1433       * @since 5.3.0 Formalized the existing and already documented `...$args` parameter
1434       *              by updating the function signature. The second parameter was changed
1435       *              from `$args` to `...$args`.
1436       * @since 6.2.0 Added `%i` for identifiers, e.g. table or field names.
1437       *              Check support via `wpdb::has_cap( 'identifier_placeholders' )`.
1438       *              This preserves compatibility with `sprintf()`, as the C version uses
1439       *              `%d` and `$i` as a signed integer, whereas PHP only supports `%d`.
1440       *
1441       * @link https://www.php.net/sprintf Description of syntax.
1442       *
1443       * @param string      $query   Query statement with `sprintf()`-like placeholders.
1444       * @param array|mixed $args    The array of variables to substitute into the query's placeholders
1445       *                             if being called with an array of arguments, or the first variable
1446       *                             to substitute into the query's placeholders if being called with
1447       *                             individual arguments.
1448       * @param mixed       ...$args Further variables to substitute into the query's placeholders
1449       *                             if being called with individual arguments.
1450       * @return string|void Sanitized query string, if there is a query to prepare.
1451       */
1452  	public function prepare( $query, ...$args ) {
1453          if ( is_null( $query ) ) {
1454              return;
1455          }
1456  
1457          /*
1458           * This is not meant to be foolproof -- but it will catch obviously incorrect usage.
1459           *
1460           * Note: str_contains() is not used here, as this file can be included
1461           * directly outside of WordPress core, e.g. by HyperDB, in which case
1462           * the polyfills from wp-includes/compat.php are not loaded.
1463           */
1464          if ( false === strpos( $query, '%' ) ) {
1465              wp_load_translations_early();
1466              _doing_it_wrong(
1467                  'wpdb::prepare',
1468                  sprintf(
1469                      /* translators: %s: wpdb::prepare() */
1470                      __( 'The query argument of %s must have a placeholder.' ),
1471                      'wpdb::prepare()'
1472                  ),
1473                  '3.9.0'
1474              );
1475          }
1476  
1477          /*
1478           * Specify the formatting allowed in a placeholder. The following are allowed:
1479           *
1480           * - Sign specifier, e.g. $+d
1481           * - Numbered placeholders, e.g. %1$s
1482           * - Padding specifier, including custom padding characters, e.g. %05s, %'#5s
1483           * - Alignment specifier, e.g. %05-s
1484           * - Precision specifier, e.g. %.2f
1485           */
1486          $allowed_format = '(?:[1-9][0-9]*[$])?[-+0-9]*(?: |0|\'.)?[-+0-9]*(?:\.[0-9]+)?';
1487  
1488          /*
1489           * If a %s placeholder already has quotes around it, removing the existing quotes
1490           * and re-inserting them ensures the quotes are consistent.
1491           *
1492           * For backward compatibility, this is only applied to %s, and not to placeholders like %1$s,
1493           * which are frequently used in the middle of longer strings, or as table name placeholders.
1494           */
1495          $query = str_replace( "'%s'", '%s', $query ); // Strip any existing single quotes.
1496          $query = str_replace( '"%s"', '%s', $query ); // Strip any existing double quotes.
1497  
1498          // Escape any unescaped percents (i.e. anything unrecognised).
1499          $query = preg_replace( "/%(?:%|$|(?!($allowed_format)?[sdfFi]))/", '%%\\1', $query );
1500  
1501          // Extract placeholders from the query.
1502          $split_query = preg_split( "/(^|[^%]|(?:%%)+)(%(?:$allowed_format)?[sdfFi])/", $query, -1, PREG_SPLIT_DELIM_CAPTURE );
1503  
1504          $split_query_count = count( $split_query );
1505  
1506          /*
1507           * Split always returns with 1 value before the first placeholder (even with $query = "%s"),
1508           * then 3 additional values per placeholder.
1509           */
1510          $placeholder_count = ( ( $split_query_count - 1 ) / 3 );
1511  
1512          // If args were passed as an array, as in vsprintf(), move them up.
1513          $passed_as_array = ( isset( $args[0] ) && is_array( $args[0] ) && 1 === count( $args ) );
1514          if ( $passed_as_array ) {
1515              $args = $args[0];
1516          }
1517  
1518          $new_query       = '';
1519          $key             = 2; // Keys 0 and 1 in $split_query contain values before the first placeholder.
1520          $arg_id          = 0;
1521          $arg_identifiers = array();
1522          $arg_strings     = array();
1523  
1524          while ( $key < $split_query_count ) {
1525              $placeholder = $split_query[ $key ];
1526  
1527              $format = substr( $placeholder, 1, -1 );
1528              $type   = substr( $placeholder, -1 );
1529  
1530              if ( 'f' === $type && true === $this->allow_unsafe_unquoted_parameters
1531                  /*
1532                   * Note: str_ends_with() is not used here, as this file can be included
1533                   * directly outside of WordPress core, e.g. by HyperDB, in which case
1534                   * the polyfills from wp-includes/compat.php are not loaded.
1535                   */
1536                  && '%' === substr( $split_query[ $key - 1 ], -1, 1 )
1537              ) {
1538  
1539                  /*
1540                   * Before WP 6.2 the "force floats to be locale-unaware" RegEx didn't
1541                   * convert "%%%f" to "%%%F" (note the uppercase F).
1542                   * This was because it didn't check to see if the leading "%" was escaped.
1543                   * And because the "Escape any unescaped percents" RegEx used "[sdF]" in its
1544                   * negative lookahead assertion, when there was an odd number of "%", it added
1545                   * an extra "%", to give the fully escaped "%%%%f" (not a placeholder).
1546                   */
1547  
1548                  $s = $split_query[ $key - 2 ] . $split_query[ $key - 1 ];
1549                  $k = 1;
1550                  $l = strlen( $s );
1551                  while ( $k <= $l && '%' === $s[ $l - $k ] ) {
1552                      ++$k;
1553                  }
1554  
1555                  $placeholder = '%' . ( $k % 2 ? '%' : '' ) . $format . $type;
1556  
1557                  --$placeholder_count;
1558  
1559              } else {
1560  
1561                  // Force floats to be locale-unaware.
1562                  if ( 'f' === $type ) {
1563                      $type        = 'F';
1564                      $placeholder = '%' . $format . $type;
1565                  }
1566  
1567                  if ( 'i' === $type ) {
1568                      $placeholder = '`%' . $format . 's`';
1569                      // Using a simple strpos() due to previous checking (e.g. $allowed_format).
1570                      $argnum_pos = strpos( $format, '$' );
1571  
1572                      if ( false !== $argnum_pos ) {
1573                          // sprintf() argnum starts at 1, $arg_id from 0.
1574                          $arg_identifiers[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 );
1575                      } else {
1576                          $arg_identifiers[] = $arg_id;
1577                      }
1578                  } elseif ( 'd' !== $type && 'F' !== $type ) {
1579                      /*
1580                       * i.e. ( 's' === $type ), where 'd' and 'F' keeps $placeholder unchanged,
1581                       * and we ensure string escaping is used as a safe default (e.g. even if 'x').
1582                       */
1583                      $argnum_pos = strpos( $format, '$' );
1584  
1585                      if ( false !== $argnum_pos ) {
1586                          $arg_strings[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 );
1587                      } else {
1588                          $arg_strings[] = $arg_id;
1589                      }
1590  
1591                      /*
1592                       * Unquoted strings for backward compatibility (dangerous).
1593                       * First, "numbered or formatted string placeholders (eg, %1$s, %5s)".
1594                       * Second, if "%s" has a "%" before it, even if it's unrelated (e.g. "LIKE '%%%s%%'").
1595                       */
1596                      if ( true !== $this->allow_unsafe_unquoted_parameters
1597                          /*
1598                           * Note: str_ends_with() is not used here, as this file can be included
1599                           * directly outside of WordPress core, e.g. by HyperDB, in which case
1600                           * the polyfills from wp-includes/compat.php are not loaded.
1601                           */
1602                          || ( '' === $format && '%' !== substr( $split_query[ $key - 1 ], -1, 1 ) )
1603                      ) {
1604                          $placeholder = "'%" . $format . "s'";
1605                      }
1606                  }
1607              }
1608  
1609              // Glue (-2), any leading characters (-1), then the new $placeholder.
1610              $new_query .= $split_query[ $key - 2 ] . $split_query[ $key - 1 ] . $placeholder;
1611  
1612              $key += 3;
1613              ++$arg_id;
1614          }
1615  
1616          // Replace $query; and add remaining $query characters, or index 0 if there were no placeholders.
1617          $query = $new_query . $split_query[ $key - 2 ];
1618  
1619          $dual_use = array_intersect( $arg_identifiers, $arg_strings );
1620  
1621          if ( count( $dual_use ) > 0 ) {
1622              wp_load_translations_early();
1623  
1624              $used_placeholders = array();
1625  
1626              $key    = 2;
1627              $arg_id = 0;
1628              // Parse again (only used when there is an error).
1629              while ( $key < $split_query_count ) {
1630                  $placeholder = $split_query[ $key ];
1631  
1632                  $format = substr( $placeholder, 1, -1 );
1633  
1634                  $argnum_pos = strpos( $format, '$' );
1635  
1636                  if ( false !== $argnum_pos ) {
1637                      $arg_pos = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 );
1638                  } else {
1639                      $arg_pos = $arg_id;
1640                  }
1641  
1642                  $used_placeholders[ $arg_pos ][] = $placeholder;
1643  
1644                  $key += 3;
1645                  ++$arg_id;
1646              }
1647  
1648              $conflicts = array();
1649              foreach ( $dual_use as $arg_pos ) {
1650                  $conflicts[] = implode( ' and ', $used_placeholders[ $arg_pos ] );
1651              }
1652  
1653              _doing_it_wrong(
1654                  'wpdb::prepare',
1655                  sprintf(
1656                      /* translators: %s: A list of placeholders found to be a problem. */
1657                      __( 'Arguments cannot be prepared as both an Identifier and Value. Found the following conflicts: %s' ),
1658                      implode( ', ', $conflicts )
1659                  ),
1660                  '6.2.0'
1661              );
1662  
1663              return;
1664          }
1665  
1666          $args_count = count( $args );
1667  
1668          if ( $args_count !== $placeholder_count ) {
1669              if ( 1 === $placeholder_count && $passed_as_array ) {
1670                  /*
1671                   * If the passed query only expected one argument,
1672                   * but the wrong number of arguments was sent as an array, bail.
1673                   */
1674                  wp_load_translations_early();
1675                  _doing_it_wrong(
1676                      'wpdb::prepare',
1677                      __( 'The query only expected one placeholder, but an array of multiple placeholders was sent.' ),
1678                      '4.9.0'
1679                  );
1680  
1681                  return;
1682              } else {
1683                  /*
1684                   * If we don't have the right number of placeholders,
1685                   * but they were passed as individual arguments,
1686                   * or we were expecting multiple arguments in an array, throw a warning.
1687                   */
1688                  wp_load_translations_early();
1689                  _doing_it_wrong(
1690                      'wpdb::prepare',
1691                      sprintf(
1692                          /* translators: 1: Number of placeholders, 2: Number of arguments passed. */
1693                          __( 'The query does not contain the correct number of placeholders (%1$d) for the number of arguments passed (%2$d).' ),
1694                          $placeholder_count,
1695                          $args_count
1696                      ),
1697                      '4.8.3'
1698                  );
1699  
1700                  /*
1701                   * If we don't have enough arguments to match the placeholders,
1702                   * return an empty string to avoid a fatal error on PHP 8.
1703                   */
1704                  if ( $args_count < $placeholder_count ) {
1705                      $max_numbered_placeholder = 0;
1706  
1707                      for ( $i = 2, $l = $split_query_count; $i < $l; $i += 3 ) {
1708                          // Assume a leading number is for a numbered placeholder, e.g. '%3$s'.
1709                          $argnum = (int) substr( $split_query[ $i ], 1 );
1710  
1711                          if ( $max_numbered_placeholder < $argnum ) {
1712                              $max_numbered_placeholder = $argnum;
1713                          }
1714                      }
1715  
1716                      if ( ! $max_numbered_placeholder || $args_count < $max_numbered_placeholder ) {
1717                          return '';
1718                      }
1719                  }
1720              }
1721          }
1722  
1723          $args_escaped = array();
1724  
1725          foreach ( $args as $i => $value ) {
1726              if ( in_array( $i, $arg_identifiers, true ) ) {
1727                  $args_escaped[] = $this->_escape_identifier_value( $value );
1728              } elseif ( is_int( $value ) || is_float( $value ) ) {
1729                  $args_escaped[] = $value;
1730              } else {
1731                  if ( ! is_scalar( $value ) && ! is_null( $value ) ) {
1732                      wp_load_translations_early();
1733                      _doing_it_wrong(
1734                          'wpdb::prepare',
1735                          sprintf(
1736                              /* translators: %s: Value type. */
1737                              __( 'Unsupported value type (%s).' ),
1738                              gettype( $value )
1739                          ),
1740                          '4.8.2'
1741                      );
1742  
1743                      // Preserving old behavior, where values are escaped as strings.
1744                      $value = '';
1745                  }
1746  
1747                  $args_escaped[] = $this->_real_escape( $value );
1748              }
1749          }
1750  
1751          $query = vsprintf( $query, $args_escaped );
1752  
1753          return $this->add_placeholder_escape( $query );
1754      }
1755  
1756      /**
1757       * First half of escaping for `LIKE` special characters `%` and `_` before preparing for SQL.
1758       *
1759       * Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security.
1760       *
1761       * Example Prepared Statement:
1762       *
1763       *     $wild = '%';
1764       *     $find = 'only 43% of planets';
1765       *     $like = $wild . $wpdb->esc_like( $find ) . $wild;
1766       *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
1767       *
1768       * Example Escape Chain:
1769       *
1770       *     $sql  = esc_sql( $wpdb->esc_like( $input ) );
1771       *
1772       * @since 4.0.0
1773       *
1774       * @param string $text The raw text to be escaped. The input typed by the user
1775       *                     should have no extra or deleted slashes.
1776       * @return string Text in the form of a LIKE phrase. The output is not SQL safe.
1777       *                Call wpdb::prepare() or wpdb::_real_escape() next.
1778       */
1779  	public function esc_like( $text ) {
1780          return addcslashes( $text, '_%\\' );
1781      }
1782  
1783      /**
1784       * Prints SQL/DB error.
1785       *
1786       * @since 0.71
1787       *
1788       * @global array $EZSQL_ERROR Stores error information of query and error string.
1789       *
1790       * @param string $str The error to display.
1791       * @return void|false Void if the showing of errors is enabled, false if disabled.
1792       */
1793  	public function print_error( $str = '' ) {
1794          global $EZSQL_ERROR;
1795  
1796          if ( ! $str ) {
1797              $str = mysqli_error( $this->dbh );
1798          }
1799  
1800          $EZSQL_ERROR[] = array(
1801              'query'     => $this->last_query,
1802              'error_str' => $str,
1803          );
1804  
1805          if ( $this->suppress_errors ) {
1806              return false;
1807          }
1808  
1809          $caller = $this->get_caller();
1810          if ( $caller ) {
1811              // Not translated, as this will only appear in the error log.
1812              $error_str = sprintf( 'WordPress database error %1$s for query %2$s made by %3$s', $str, $this->last_query, $caller );
1813          } else {
1814              $error_str = sprintf( 'WordPress database error %1$s for query %2$s', $str, $this->last_query );
1815          }
1816  
1817          error_log( $error_str );
1818  
1819          // Are we showing errors?
1820          if ( ! $this->show_errors ) {
1821              return false;
1822          }
1823  
1824          wp_load_translations_early();
1825  
1826          // If there is an error then take note of it.
1827          if ( is_multisite() ) {
1828              $msg = sprintf(
1829                  "%s [%s]\n%s\n",
1830                  __( 'WordPress database error:' ),
1831                  $str,
1832                  $this->last_query
1833              );
1834  
1835              if ( defined( 'ERRORLOGFILE' ) ) {
1836                  error_log( $msg, 3, ERRORLOGFILE );
1837              }
1838              if ( defined( 'DIEONDBERROR' ) ) {
1839                  wp_die( $msg );
1840              }
1841          } else {
1842              $str   = htmlspecialchars( $str, ENT_QUOTES );
1843              $query = htmlspecialchars( $this->last_query, ENT_QUOTES );
1844  
1845              printf(
1846                  '<div id="error"><p class="wpdberror"><strong>%s</strong> [%s]<br /><code>%s</code></p></div>',
1847                  __( 'WordPress database error:' ),
1848                  $str,
1849                  $query
1850              );
1851          }
1852      }
1853  
1854      /**
1855       * Enables showing of database errors.
1856       *
1857       * This function should be used only to enable showing of errors.
1858       * wpdb::hide_errors() should be used instead for hiding errors.
1859       *
1860       * @since 0.71
1861       *
1862       * @see wpdb::hide_errors()
1863       *
1864       * @param bool $show Optional. Whether to show errors. Default true.
1865       * @return bool Whether showing of errors was previously active.
1866       */
1867  	public function show_errors( $show = true ) {
1868          $errors            = $this->show_errors;
1869          $this->show_errors = $show;
1870          return $errors;
1871      }
1872  
1873      /**
1874       * Disables showing of database errors.
1875       *
1876       * By default database errors are not shown.
1877       *
1878       * @since 0.71
1879       *
1880       * @see wpdb::show_errors()
1881       *
1882       * @return bool Whether showing of errors was previously active.
1883       */
1884  	public function hide_errors() {
1885          $show              = $this->show_errors;
1886          $this->show_errors = false;
1887          return $show;
1888      }
1889  
1890      /**
1891       * Enables or disables suppressing of database errors.
1892       *
1893       * By default database errors are suppressed.
1894       *
1895       * @since 2.5.0
1896       *
1897       * @see wpdb::hide_errors()
1898       *
1899       * @param bool $suppress Optional. Whether to suppress errors. Default true.
1900       * @return bool Whether suppressing of errors was previously active.
1901       */
1902  	public function suppress_errors( $suppress = true ) {
1903          $errors                = $this->suppress_errors;
1904          $this->suppress_errors = (bool) $suppress;
1905          return $errors;
1906      }
1907  
1908      /**
1909       * Kills cached query results.
1910       *
1911       * @since 0.71
1912       */
1913  	public function flush() {
1914          $this->last_result   = array();
1915          $this->col_info      = null;
1916          $this->last_query    = null;
1917          $this->rows_affected = 0;
1918          $this->num_rows      = 0;
1919          $this->last_error    = '';
1920  
1921          if ( $this->result instanceof mysqli_result ) {
1922              mysqli_free_result( $this->result );
1923              $this->result = null;
1924  
1925              // Confidence check before using the handle.
1926              if ( empty( $this->dbh ) || ! ( $this->dbh instanceof mysqli ) ) {
1927                  return;
1928              }
1929  
1930              // Clear out any results from a multi-query.
1931              while ( mysqli_more_results( $this->dbh ) ) {
1932                  mysqli_next_result( $this->dbh );
1933              }
1934          }
1935      }
1936  
1937      /**
1938       * Connects to and selects database.
1939       *
1940       * If `$allow_bail` is false, the lack of database connection will need to be handled manually.
1941       *
1942       * @since 3.0.0
1943       * @since 3.9.0 $allow_bail parameter added.
1944       *
1945       * @param bool $allow_bail Optional. Allows the function to bail. Default true.
1946       * @return bool True with a successful connection, false on failure.
1947       */
1948  	public function db_connect( $allow_bail = true ) {
1949          $this->is_mysql = true;
1950  
1951          $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : 0;
1952  
1953          /*
1954           * Set the MySQLi error reporting off because WordPress handles its own.
1955           * This is due to the default value change from `MYSQLI_REPORT_OFF`
1956           * to `MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT` in PHP 8.1.
1957           */
1958          mysqli_report( MYSQLI_REPORT_OFF );
1959  
1960          $this->dbh = mysqli_init();
1961  
1962          $host    = $this->dbhost;
1963          $port    = null;
1964          $socket  = null;
1965          $is_ipv6 = false;
1966  
1967          $host_data = $this->parse_db_host( $this->dbhost );
1968          if ( $host_data ) {
1969              list( $host, $port, $socket, $is_ipv6 ) = $host_data;
1970          }
1971  
1972          /*
1973           * If using the `mysqlnd` library, the IPv6 address needs to be enclosed
1974           * in square brackets, whereas it doesn't while using the `libmysqlclient` library.
1975           * @see https://bugs.php.net/bug.php?id=67563
1976           */
1977          if ( $is_ipv6 && extension_loaded( 'mysqlnd' ) ) {
1978              $host = "[$host]";
1979          }
1980  
1981          if ( WP_DEBUG ) {
1982              mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );
1983          } else {
1984              // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged
1985              @mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags );
1986          }
1987  
1988          if ( $this->dbh->connect_errno ) {
1989              $this->dbh = null;
1990          }
1991  
1992          if ( ! $this->dbh && $allow_bail ) {
1993              wp_load_translations_early();
1994  
1995              // Load custom DB error template, if present.
1996              if ( file_exists( WP_CONTENT_DIR . '/db-error.php' ) ) {
1997                  require_once WP_CONTENT_DIR . '/db-error.php';
1998                  die();
1999              }
2000  
2001              $message = '<h1>' . __( 'Error establishing a database connection' ) . "</h1>\n";
2002  
2003              $message .= '<p>' . sprintf(
2004                  /* translators: 1: wp-config.php, 2: Database host. */
2005                  __( 'This either means that the username and password information in your %1$s file is incorrect or that contact with the database server at %2$s could not be established. This could mean your host&#8217;s database server is down.' ),
2006                  '<code>wp-config.php</code>',
2007                  '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>'
2008              ) . "</p>\n";
2009  
2010              $message .= "<ul>\n";
2011              $message .= '<li>' . __( 'Are you sure you have the correct username and password?' ) . "</li>\n";
2012              $message .= '<li>' . __( 'Are you sure you have typed the correct hostname?' ) . "</li>\n";
2013              $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n";
2014              $message .= "</ul>\n";
2015  
2016              $message .= '<p>' . sprintf(
2017                  /* translators: %s: Support forums URL. */
2018                  __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ),
2019                  __( 'https://wordpress.org/support/forums/' )
2020              ) . "</p>\n";
2021  
2022              $this->bail( $message, 'db_connect_fail' );
2023  
2024              return false;
2025          } elseif ( $this->dbh ) {
2026              if ( ! $this->has_connected ) {
2027                  $this->init_charset();
2028              }
2029  
2030              $this->has_connected = true;
2031  
2032              $this->set_charset( $this->dbh );
2033  
2034              $this->ready = true;
2035              $this->set_sql_mode();
2036              $this->select( $this->dbname, $this->dbh );
2037  
2038              return true;
2039          }
2040  
2041          return false;
2042      }
2043  
2044      /**
2045       * Parses the DB_HOST setting to interpret it for mysqli_real_connect().
2046       *
2047       * mysqli_real_connect() doesn't support the host param including a port or socket
2048       * like mysql_connect() does. This duplicates how mysql_connect() detects a port
2049       * and/or socket file.
2050       *
2051       * @since 4.9.0
2052       *
2053       * @param string $host The DB_HOST setting to parse.
2054       * @return array|false {
2055       *     Array containing the host, the port, the socket and
2056       *     whether it is an IPv6 address, in that order.
2057       *     False if the host couldn't be parsed.
2058       *
2059       *     @type string      $0 Host name.
2060       *     @type string|null $1 Port.
2061       *     @type string|null $2 Socket.
2062       *     @type bool        $3 Whether it is an IPv6 address.
2063       * }
2064       */
2065  	public function parse_db_host( $host ) {
2066          $socket  = null;
2067          $is_ipv6 = false;
2068  
2069          // First peel off the socket parameter from the right, if it exists.
2070          $socket_pos = strpos( $host, ':/' );
2071          if ( false !== $socket_pos ) {
2072              $socket = substr( $host, $socket_pos + 1 );
2073              $host   = substr( $host, 0, $socket_pos );
2074          }
2075  
2076          /*
2077           * We need to check for an IPv6 address first.
2078           * An IPv6 address will always contain at least two colons.
2079           */
2080          if ( substr_count( $host, ':' ) > 1 ) {
2081              $pattern = '#^(?:\[)?(?P<host>[0-9a-fA-F:]+)(?:\]:(?P<port>[\d]+))?#';
2082              $is_ipv6 = true;
2083          } else {
2084              // We seem to be dealing with an IPv4 address.
2085              $pattern = '#^(?P<host>[^:/]*)(?::(?P<port>[\d]+))?#';
2086          }
2087  
2088          $matches = array();
2089          $result  = preg_match( $pattern, $host, $matches );
2090  
2091          if ( 1 !== $result ) {
2092              // Couldn't parse the address, bail.
2093              return false;
2094          }
2095  
2096          $host = ! empty( $matches['host'] ) ? $matches['host'] : '';
2097          // MySQLi port cannot be a string; must be null or an integer.
2098          $port = ! empty( $matches['port'] ) ? absint( $matches['port'] ) : null;
2099  
2100          return array( $host, $port, $socket, $is_ipv6 );
2101      }
2102  
2103      /**
2104       * Checks that the connection to the database is still up. If not, try to reconnect.
2105       *
2106       * If this function is unable to reconnect, it will forcibly die, or if called
2107       * after the {@see 'template_redirect'} hook has been fired, return false instead.
2108       *
2109       * If `$allow_bail` is false, the lack of database connection will need to be handled manually.
2110       *
2111       * @since 3.9.0
2112       *
2113       * @param bool $allow_bail Optional. Allows the function to bail. Default true.
2114       * @return bool|void True if the connection is up.
2115       */
2116  	public function check_connection( $allow_bail = true ) {
2117          // Check if the connection is alive.
2118          if ( ! empty( $this->dbh ) && mysqli_query( $this->dbh, 'DO 1' ) !== false ) {
2119              return true;
2120          }
2121  
2122          $error_reporting = false;
2123  
2124          // Disable warnings, as we don't want to see a multitude of "unable to connect" messages.
2125          if ( WP_DEBUG ) {
2126              $error_reporting = error_reporting();
2127              error_reporting( $error_reporting & ~E_WARNING );
2128          }
2129  
2130          for ( $tries = 1; $tries <= $this->reconnect_retries; $tries++ ) {
2131              /*
2132               * On the last try, re-enable warnings. We want to see a single instance
2133               * of the "unable to connect" message on the bail() screen, if it appears.
2134               */
2135              if ( $this->reconnect_retries === $tries && WP_DEBUG ) {
2136                  error_reporting( $error_reporting );
2137              }
2138  
2139              if ( $this->db_connect( false ) ) {
2140                  if ( $error_reporting ) {
2141                      error_reporting( $error_reporting );
2142                  }
2143  
2144                  return true;
2145              }
2146  
2147              sleep( 1 );
2148          }
2149  
2150          /*
2151           * If template_redirect has already happened, it's too late for wp_die()/dead_db().
2152           * Let's just return and hope for the best.
2153           */
2154          if ( did_action( 'template_redirect' ) ) {
2155              return false;
2156          }
2157  
2158          if ( ! $allow_bail ) {
2159              return false;
2160          }
2161  
2162          wp_load_translations_early();
2163  
2164          $message = '<h1>' . __( 'Error reconnecting to the database' ) . "</h1>\n";
2165  
2166          $message .= '<p>' . sprintf(
2167              /* translators: %s: Database host. */
2168              __( 'This means that the contact with the database server at %s was lost. This could mean your host&#8217;s database server is down.' ),
2169              '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>'
2170          ) . "</p>\n";
2171  
2172          $message .= "<ul>\n";
2173          $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n";
2174          $message .= '<li>' . __( 'Are you sure the database server is not under particularly heavy load?' ) . "</li>\n";
2175          $message .= "</ul>\n";
2176  
2177          $message .= '<p>' . sprintf(
2178              /* translators: %s: Support forums URL. */
2179              __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ),
2180              __( 'https://wordpress.org/support/forums/' )
2181          ) . "</p>\n";
2182  
2183          // We weren't able to reconnect, so we better bail.
2184          $this->bail( $message, 'db_connect_fail' );
2185  
2186          /*
2187           * Call dead_db() if bail didn't die, because this database is no more.
2188           * It has ceased to be (at least temporarily).
2189           */
2190          dead_db();
2191      }
2192  
2193      /**
2194       * Performs a database query, using current database connection.
2195       *
2196       * More information can be found on the documentation page.
2197       *
2198       * @since 0.71
2199       *
2200       * @link https://developer.wordpress.org/reference/classes/wpdb/
2201       *
2202       * @param string $query Database query.
2203       * @return int|bool Boolean true for CREATE, ALTER, TRUNCATE and DROP queries. Number of rows
2204       *                  affected/selected for all other queries. Boolean false on error.
2205       */
2206  	public function query( $query ) {
2207          if ( ! $this->ready ) {
2208              $this->check_current_query = true;
2209              return false;
2210          }
2211  
2212          /**
2213           * Filters the database query.
2214           *
2215           * Some queries are made before the plugins have been loaded,
2216           * and thus cannot be filtered with this method.
2217           *
2218           * @since 2.1.0
2219           *
2220           * @param string $query Database query.
2221           */
2222          $query = apply_filters( 'query', $query );
2223  
2224          if ( ! $query ) {
2225              $this->insert_id = 0;
2226              return false;
2227          }
2228  
2229          $this->flush();
2230  
2231          // Log how the function was called.
2232          $this->func_call = "\$db->query(\"$query\")";
2233  
2234          // If we're writing to the database, make sure the query will write safely.
2235          if ( $this->check_current_query && ! $this->check_ascii( $query ) ) {
2236              $stripped_query = $this->strip_invalid_text_from_query( $query );
2237              /*
2238               * strip_invalid_text_from_query() can perform queries, so we need
2239               * to flush again, just to make sure everything is clear.
2240               */
2241              $this->flush();
2242              if ( $stripped_query !== $query ) {
2243                  $this->insert_id  = 0;
2244                  $this->last_query = $query;
2245  
2246                  wp_load_translations_early();
2247  
2248                  $this->last_error = __( 'WordPress database error: Could not perform query because it contains invalid data.' );
2249  
2250                  return false;
2251              }
2252          }
2253  
2254          $this->check_current_query = true;
2255  
2256          // Keep track of the last query for debug.
2257          $this->last_query = $query;
2258  
2259          $this->_do_query( $query );
2260  
2261          // Database server has gone away, try to reconnect.
2262          $mysql_errno = 0;
2263  
2264          if ( $this->dbh instanceof mysqli ) {
2265              $mysql_errno = mysqli_errno( $this->dbh );
2266          } else {
2267              /*
2268               * $dbh is defined, but isn't a real connection.
2269               * Something has gone horribly wrong, let's try a reconnect.
2270               */
2271              $mysql_errno = 2006;
2272          }
2273  
2274          if ( empty( $this->dbh ) || 2006 === $mysql_errno ) {
2275              if ( $this->check_connection() ) {
2276                  $this->_do_query( $query );
2277              } else {
2278                  $this->insert_id = 0;
2279                  return false;
2280              }
2281          }
2282  
2283          // If there is an error then take note of it.
2284          if ( $this->dbh instanceof mysqli ) {
2285              $this->last_error = mysqli_error( $this->dbh );
2286          } else {
2287              $this->last_error = __( 'Unable to retrieve the error message from MySQL' );
2288          }
2289  
2290          if ( $this->last_error ) {
2291              // Clear insert_id on a subsequent failed insert.
2292              if ( $this->insert_id && preg_match( '/^\s*(insert|replace)\s/i', $query ) ) {
2293                  $this->insert_id = 0;
2294              }
2295  
2296              $this->print_error();
2297              return false;
2298          }
2299  
2300          if ( preg_match( '/^\s*(create|alter|truncate|drop)\s/i', $query ) ) {
2301              $return_val = $this->result;
2302          } elseif ( preg_match( '/^\s*(insert|delete|update|replace)\s/i', $query ) ) {
2303              $this->rows_affected = mysqli_affected_rows( $this->dbh );
2304  
2305              // Take note of the insert_id.
2306              if ( preg_match( '/^\s*(insert|replace)\s/i', $query ) ) {
2307                  $this->insert_id = mysqli_insert_id( $this->dbh );
2308              }
2309  
2310              // Return number of rows affected.
2311              $return_val = $this->rows_affected;
2312          } else {
2313              $num_rows = 0;
2314  
2315              if ( $this->result instanceof mysqli_result ) {
2316                  while ( $row = mysqli_fetch_object( $this->result ) ) {
2317                      $this->last_result[ $num_rows ] = $row;
2318                      ++$num_rows;
2319                  }
2320              }
2321  
2322              // Log and return the number of rows selected.
2323              $this->num_rows = $num_rows;
2324              $return_val     = $num_rows;
2325          }
2326  
2327          return $return_val;
2328      }
2329  
2330      /**
2331       * Internal function to perform the mysqli_query() call.
2332       *
2333       * @since 3.9.0
2334       *
2335       * @see wpdb::query()
2336       *
2337       * @param string $query The query to run.
2338       */
2339  	private function _do_query( $query ) {
2340          if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) {
2341              $this->timer_start();
2342          }
2343  
2344          if ( ! empty( $this->dbh ) ) {
2345              $this->result = mysqli_query( $this->dbh, $query );
2346          }
2347  
2348          ++$this->num_queries;
2349  
2350          if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) {
2351              $this->log_query(
2352                  $query,
2353                  $this->timer_stop(),
2354                  $this->get_caller(),
2355                  $this->time_start,
2356                  array()
2357              );
2358          }
2359      }
2360  
2361      /**
2362       * Logs query data.
2363       *
2364       * @since 5.3.0
2365       *
2366       * @param string $query           The query's SQL.
2367       * @param float  $query_time      Total time spent on the query, in seconds.
2368       * @param string $query_callstack Comma-separated list of the calling functions.
2369       * @param float  $query_start     Unix timestamp of the time at the start of the query.
2370       * @param array  $query_data      Custom query data.
2371       */
2372  	public function log_query( $query, $query_time, $query_callstack, $query_start, $query_data ) {
2373          /**
2374           * Filters the custom data to log alongside a query.
2375           *
2376           * Caution should be used when modifying any of this data, it is recommended that any additional
2377           * information you need to store about a query be added as a new associative array element.
2378           *
2379           * @since 5.3.0
2380           *
2381           * @param array  $query_data      Custom query data.
2382           * @param string $query           The query's SQL.
2383           * @param float  $query_time      Total time spent on the query, in seconds.
2384           * @param string $query_callstack Comma-separated list of the calling functions.
2385           * @param float  $query_start     Unix timestamp of the time at the start of the query.
2386           */
2387          $query_data = apply_filters( 'log_query_custom_data', $query_data, $query, $query_time, $query_callstack, $query_start );
2388  
2389          $this->queries[] = array(
2390              $query,
2391              $query_time,
2392              $query_callstack,
2393              $query_start,
2394              $query_data,
2395          );
2396      }
2397  
2398      /**
2399       * Generates and returns a placeholder escape string for use in queries returned by ::prepare().
2400       *
2401       * @since 4.8.3
2402       *
2403       * @return string String to escape placeholders.
2404       */
2405  	public function placeholder_escape() {
2406          static $placeholder;
2407  
2408          if ( ! $placeholder ) {
2409              // If ext/hash is not present, compat.php's hash_hmac() does not support sha256.
2410              $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1';
2411              // Old WP installs may not have AUTH_SALT defined.
2412              $salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand();
2413  
2414              $placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}';
2415          }
2416  
2417          /*
2418           * Add the filter to remove the placeholder escaper. Uses priority 0, so that anything
2419           * else attached to this filter will receive the query with the placeholder string removed.
2420           */
2421          if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) {
2422              add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 );
2423          }
2424  
2425          return $placeholder;
2426      }
2427  
2428      /**
2429       * Adds a placeholder escape string, to escape anything that resembles a printf() placeholder.
2430       *
2431       * @since 4.8.3
2432       *
2433       * @param string $query The query to escape.
2434       * @return string The query with the placeholder escape string inserted where necessary.
2435       */
2436  	public function add_placeholder_escape( $query ) {
2437          /*
2438           * To prevent returning anything that even vaguely resembles a placeholder,
2439           * we clobber every % we can find.
2440           */
2441          return str_replace( '%', $this->placeholder_escape(), $query );
2442      }
2443  
2444      /**
2445       * Removes the placeholder escape strings from a query.
2446       *
2447       * @since 4.8.3
2448       *
2449       * @param string $query The query from which the placeholder will be removed.
2450       * @return string The query with the placeholder removed.
2451       */
2452  	public function remove_placeholder_escape( $query ) {
2453          return str_replace( $this->placeholder_escape(), '%', $query );
2454      }
2455  
2456      /**
2457       * Inserts a row into the table.
2458       *
2459       * Examples:
2460       *
2461       *     $wpdb->insert(
2462       *         'table',
2463       *         array(
2464       *             'column1' => 'foo',
2465       *             'column2' => 'bar',
2466       *         )
2467       *     );
2468       *     $wpdb->insert(
2469       *         'table',
2470       *         array(
2471       *             'column1' => 'foo',
2472       *             'column2' => 1337,
2473       *         ),
2474       *         array(
2475       *             '%s',
2476       *             '%d',
2477       *         )
2478       *     );
2479       *
2480       * @since 2.5.0
2481       *
2482       * @see wpdb::prepare()
2483       * @see wpdb::$field_types
2484       * @see wp_set_wpdb_vars()
2485       *
2486       * @param string          $table  Table name.
2487       * @param array           $data   Data to insert (in column => value pairs).
2488       *                                Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped).
2489       *                                Sending a null value will cause the column to be set to NULL - the corresponding
2490       *                                format is ignored in this case.
2491       * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`.
2492       *                                If string, that format will be used for all of the values in `$data`.
2493       *                                A format is one of '%d', '%f', '%s' (integer, float, string).
2494       *                                If omitted, all values in `$data` will be treated as strings unless otherwise
2495       *                                specified in wpdb::$field_types. Default null.
2496       * @return int|false The number of rows inserted, or false on error.
2497       */
2498  	public function insert( $table, $data, $format = null ) {
2499          return $this->_insert_replace_helper( $table, $data, $format, 'INSERT' );
2500      }
2501  
2502      /**
2503       * Replaces a row in the table or inserts it if it does not exist, based on a PRIMARY KEY or a UNIQUE index.
2504       *
2505       * A REPLACE works exactly like an INSERT, except that if an old row in the table has the same value as a new row
2506       * for a PRIMARY KEY or a UNIQUE index, the old row is deleted before the new row is inserted.
2507       *
2508       * Examples:
2509       *
2510       *     $wpdb->replace(
2511       *         'table',
2512       *         array(
2513       *             'ID'      => 123,
2514       *             'column1' => 'foo',
2515       *             'column2' => 'bar',
2516       *         )
2517       *     );
2518       *     $wpdb->replace(
2519       *         'table',
2520       *         array(
2521       *             'ID'      => 456,
2522       *             'column1' => 'foo',
2523       *             'column2' => 1337,
2524       *         ),
2525       *         array(
2526       *             '%d',
2527       *             '%s',
2528       *             '%d',
2529       *         )
2530       *     );
2531       *
2532       * @since 3.0.0
2533       *
2534       * @see wpdb::prepare()
2535       * @see wpdb::$field_types
2536       * @see wp_set_wpdb_vars()
2537       *
2538       * @param string          $table  Table name.
2539       * @param array           $data   Data to insert (in column => value pairs).
2540       *                                Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped).
2541       *                                A primary key or unique index is required to perform a replace operation.
2542       *                                Sending a null value will cause the column to be set to NULL - the corresponding
2543       *                                format is ignored in this case.
2544       * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`.
2545       *                                If string, that format will be used for all of the values in `$data`.
2546       *                                A format is one of '%d', '%f', '%s' (integer, float, string).
2547       *                                If omitted, all values in `$data` will be treated as strings unless otherwise
2548       *                                specified in wpdb::$field_types. Default null.
2549       * @return int|false The number of rows affected, or false on error.
2550       */
2551  	public function replace( $table, $data, $format = null ) {
2552          return $this->_insert_replace_helper( $table, $data, $format, 'REPLACE' );
2553      }
2554  
2555      /**
2556       * Helper function for insert and replace.
2557       *
2558       * Runs an insert or replace query based on `$type` argument.
2559       *
2560       * @since 3.0.0
2561       *
2562       * @see wpdb::prepare()
2563       * @see wpdb::$field_types
2564       * @see wp_set_wpdb_vars()
2565       *
2566       * @param string          $table  Table name.
2567       * @param array           $data   Data to insert (in column => value pairs).
2568       *                                Both `$data` columns and `$data` values should be "raw" (neither should be SQL escaped).
2569       *                                Sending a null value will cause the column to be set to NULL - the corresponding
2570       *                                format is ignored in this case.
2571       * @param string[]|string $format Optional. An array of formats to be mapped to each of the value in `$data`.
2572       *                                If string, that format will be used for all of the values in `$data`.
2573       *                                A format is one of '%d', '%f', '%s' (integer, float, string).
2574       *                                If omitted, all values in `$data` will be treated as strings unless otherwise
2575       *                                specified in wpdb::$field_types. Default null.
2576       * @param string          $type   Optional. Type of operation. Either 'INSERT' or 'REPLACE'.
2577       *                                Default 'INSERT'.
2578       * @return int|false The number of rows affected, or false on error.
2579       */
2580  	public function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) {
2581          $this->insert_id = 0;
2582  
2583          if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ), true ) ) {
2584              return false;
2585          }
2586  
2587          $data = $this->process_fields( $table, $data, $format );
2588          if ( false === $data ) {
2589              return false;
2590          }
2591  
2592          $formats = array();
2593          $values  = array();
2594          foreach ( $data as $value ) {
2595              if ( is_null( $value['value'] ) ) {
2596                  $formats[] = 'NULL';
2597                  continue;
2598              }
2599  
2600              $formats[] = $value['format'];
2601              $values[]  = $value['value'];
2602          }
2603  
2604          $fields  = '`' . implode( '`, `', array_keys( $data ) ) . '`';
2605          $formats = implode( ', ', $formats );
2606  
2607          $sql = "$type INTO `$table` ($fields) VALUES ($formats)";
2608  
2609          $this->check_current_query = false;
2610          return $this->query( $this->prepare( $sql, $values ) );
2611      }
2612  
2613      /**
2614       * Updates a row in the table.
2615       *
2616       * Examples:
2617       *
2618       *     $wpdb->update(
2619       *         'table',
2620       *         array(
2621       *             'column1' => 'foo',
2622       *             'column2' => 'bar',
2623       *         ),
2624       *         array(
2625       *             'ID' => 1,
2626       *         )
2627       *     );
2628       *     $wpdb->update(
2629       *         'table',
2630       *         array(
2631       *             'column1' => 'foo',
2632       *             'column2' => 1337,
2633       *         ),
2634       *         array(
2635       *             'ID' => 1,
2636       *         ),
2637       *         array(
2638       *             '%s',
2639       *             '%d',
2640       *         ),
2641       *         array(
2642       *             '%d',
2643       *         )
2644       *     );
2645       *
2646       * @since 2.5.0
2647       *
2648       * @see wpdb::prepare()
2649       * @see wpdb::$field_types
2650       * @see wp_set_wpdb_vars()
2651       *
2652       * @param string       $table           Table name.
2653       * @param array        $data            Data to update (in column => value pairs).
2654       *                                      Both $data columns and $data values should be "raw" (neither should be SQL escaped).
2655       *                                      Sending a null value will cause the column to be set to NULL - the corresponding
2656       *                                      format is ignored in this case.
2657       * @param array        $where           A named array of WHERE clauses (in column => value pairs).
2658       *                                      Multiple clauses will be joined with ANDs.
2659       *                                      Both $where columns and $where values should be "raw".
2660       *                                      Sending a null value will create an IS NULL comparison - the corresponding
2661       *                                      format will be ignored in this case.
2662       * @param string[]|string $format       Optional. An array of formats to be mapped to each of the values in $data.
2663       *                                      If string, that format will be used for all of the values in $data.
2664       *                                      A format is one of '%d', '%f', '%s' (integer, float, string).
2665       *                                      If omitted, all values in $data will be treated as strings unless otherwise
2666       *                                      specified in wpdb::$field_types. Default null.
2667       * @param string[]|string $where_format Optional. An array of formats to be mapped to each of the values in $where.
2668       *                                      If string, that format will be used for all of the items in $where.
2669       *                                      A format is one of '%d', '%f', '%s' (integer, float, string).
2670       *                                      If omitted, all values in $where will be treated as strings unless otherwise
2671       *                                      specified in wpdb::$field_types. Default null.
2672       * @return int|false The number of rows updated, or false on error.
2673       */
2674  	public function update( $table, $data, $where, $format = null, $where_format = null ) {
2675          if ( ! is_array( $data ) || ! is_array( $where ) ) {
2676              return false;
2677          }
2678  
2679          $data = $this->process_fields( $table, $data, $format );
2680          if ( false === $data ) {
2681              return false;
2682          }
2683          $where = $this->process_fields( $table, $where, $where_format );
2684          if ( false === $where ) {
2685              return false;
2686          }
2687  
2688          $fields     = array();
2689          $conditions = array();
2690          $values     = array();
2691          foreach ( $data as $field => $value ) {
2692              if ( is_null( $value['value'] ) ) {
2693                  $fields[] = "`$field` = NULL";
2694                  continue;
2695              }
2696  
2697              $fields[] = "`$field` = " . $value['format'];
2698              $values[] = $value['value'];
2699          }
2700          foreach ( $where as $field => $value ) {
2701              if ( is_null( $value['value'] ) ) {
2702                  $conditions[] = "`$field` IS NULL";
2703                  continue;
2704              }
2705  
2706              $conditions[] = "`$field` = " . $value['format'];
2707              $values[]     = $value['value'];
2708          }
2709  
2710          $fields     = implode( ', ', $fields );
2711          $conditions = implode( ' AND ', $conditions );
2712  
2713          $sql = "UPDATE `$table` SET $fields WHERE $conditions";
2714  
2715          $this->check_current_query = false;
2716          return $this->query( $this->prepare( $sql, $values ) );
2717      }
2718  
2719      /**
2720       * Deletes a row in the table.
2721       *
2722       * Examples:
2723       *
2724       *     $wpdb->delete(
2725       *         'table',
2726       *         array(
2727       *             'ID' => 1,
2728       *         )
2729       *     );
2730       *     $wpdb->delete(
2731       *         'table',
2732       *         array(
2733       *             'ID' => 1,
2734       *         ),
2735       *         array(
2736       *             '%d',
2737       *         )
2738       *     );
2739       *
2740       * @since 3.4.0
2741       *
2742       * @see wpdb::prepare()
2743       * @see wpdb::$field_types
2744       * @see wp_set_wpdb_vars()
2745       *
2746       * @param string          $table        Table name.
2747       * @param array           $where        A named array of WHERE clauses (in column => value pairs).
2748       *                                      Multiple clauses will be joined with ANDs.
2749       *                                      Both $where columns and $where values should be "raw".
2750       *                                      Sending a null value will create an IS NULL comparison - the corresponding
2751       *                                      format will be ignored in this case.
2752       * @param string[]|string $where_format Optional. An array of formats to be mapped to each of the values in $where.
2753       *                                      If string, that format will be used for all of the items in $where.
2754       *                                      A format is one of '%d', '%f', '%s' (integer, float, string).
2755       *                                      If omitted, all values in $data will be treated as strings unless otherwise
2756       *                                      specified in wpdb::$field_types. Default null.
2757       * @return int|false The number of rows deleted, or false on error.
2758       */
2759  	public function delete( $table, $where, $where_format = null ) {
2760          if ( ! is_array( $where ) ) {
2761              return false;
2762          }
2763  
2764          $where = $this->process_fields( $table, $where, $where_format );
2765          if ( false === $where ) {
2766              return false;
2767          }
2768  
2769          $conditions = array();
2770          $values     = array();
2771          foreach ( $where as $field => $value ) {
2772              if ( is_null( $value['value'] ) ) {
2773                  $conditions[] = "`$field` IS NULL";
2774                  continue;
2775              }
2776  
2777              $conditions[] = "`$field` = " . $value['format'];
2778              $values[]     = $value['value'];
2779          }
2780  
2781          $conditions = implode( ' AND ', $conditions );
2782  
2783          $sql = "DELETE FROM `$table` WHERE $conditions";
2784  
2785          $this->check_current_query = false;
2786          return $this->query( $this->prepare( $sql, $values ) );
2787      }
2788  
2789      /**
2790       * Processes arrays of field/value pairs and field formats.
2791       *
2792       * This is a helper method for wpdb's CRUD methods, which take field/value pairs
2793       * for inserts, updates, and where clauses. This method first pairs each value
2794       * with a format. Then it determines the charset of that field, using that
2795       * to determine if any invalid text would be stripped. If text is stripped,
2796       * then field processing is rejected and the query fails.
2797       *
2798       * @since 4.2.0
2799       *
2800       * @param string          $table  Table name.
2801       * @param array           $data   Array of values keyed by their field names.
2802       * @param string[]|string $format Formats or format to be mapped to the values in the data.
2803       * @return array|false An array of fields that contain paired value and formats.
2804       *                     False for invalid values.
2805       */
2806  	protected function process_fields( $table, $data, $format ) {
2807          $data = $this->process_field_formats( $data, $format );
2808          if ( false === $data ) {
2809              return false;
2810          }
2811  
2812          $data = $this->process_field_charsets( $data, $table );
2813          if ( false === $data ) {
2814              return false;
2815          }
2816  
2817          $data = $this->process_field_lengths( $data, $table );
2818          if ( false === $data ) {
2819              return false;
2820          }
2821  
2822          $converted_data = $this->strip_invalid_text( $data );
2823  
2824          if ( $data !== $converted_data ) {
2825  
2826              $problem_fields = array();
2827              foreach ( $data as $field => $value ) {
2828                  if ( $value !== $converted_data[ $field ] ) {
2829                      $problem_fields[] = $field;
2830                  }
2831              }
2832  
2833              wp_load_translations_early();
2834  
2835              if ( 1 === count( $problem_fields ) ) {
2836                  $this->last_error = sprintf(
2837                      /* translators: %s: Database field where the error occurred. */
2838                      __( 'WordPress database error: Processing the value for the following field failed: %s. The supplied value may be too long or contains invalid data.' ),
2839                      reset( $problem_fields )
2840                  );
2841              } else {
2842                  $this->last_error = sprintf(
2843                      /* translators: %s: Database fields where the error occurred. */
2844                      __( 'WordPress database error: Processing the values for the following fields failed: %s. The supplied values may be too long or contain invalid data.' ),
2845                      implode( ', ', $problem_fields )
2846                  );
2847              }
2848  
2849              return false;
2850          }
2851  
2852          return $data;
2853      }
2854  
2855      /**
2856       * Prepares arrays of value/format pairs as passed to wpdb CRUD methods.
2857       *
2858       * @since 4.2.0
2859       *
2860       * @param array           $data   Array of values keyed by their field names.
2861       * @param string[]|string $format Formats or format to be mapped to the values in the data.
2862       * @return array {
2863       *     Array of values and formats keyed by their field names.
2864       *
2865       *     @type mixed  $value  The value to be formatted.
2866       *     @type string $format The format to be mapped to the value.
2867       * }
2868       */
2869  	protected function process_field_formats( $data, $format ) {
2870          $formats          = (array) $format;
2871          $original_formats = $formats;
2872  
2873          foreach ( $data as $field => $value ) {
2874              $value = array(
2875                  'value'  => $value,
2876                  'format' => '%s',
2877              );
2878  
2879              if ( ! empty( $format ) ) {
2880                  $value['format'] = array_shift( $formats );
2881                  if ( ! $value['format'] ) {
2882                      $value['format'] = reset( $original_formats );
2883                  }
2884              } elseif ( isset( $this->field_types[ $field ] ) ) {
2885                  $value['format'] = $this->field_types[ $field ];
2886              }
2887  
2888              $data[ $field ] = $value;
2889          }
2890  
2891          return $data;
2892      }
2893  
2894      /**
2895       * Adds field charsets to field/value/format arrays generated by wpdb::process_field_formats().
2896       *
2897       * @since 4.2.0
2898       *
2899       * @param array $data {
2900       *     Array of values and formats keyed by their field names,
2901       *     as it comes from the wpdb::process_field_formats() method.
2902       *
2903       *     @type array ...$0 {
2904       *         Value and format for this field.
2905       *
2906       *         @type mixed  $value  The value to be formatted.
2907       *         @type string $format The format to be mapped to the value.
2908       *     }
2909       * }
2910       * @param string $table Table name.
2911       * @return array|false {
2912       *     The same array of data with additional 'charset' keys, or false if
2913       *     the charset for the table cannot be found.
2914       *
2915       *     @type array ...$0 {
2916       *         Value, format, and charset for this field.
2917       *
2918       *         @type mixed        $value   The value to be formatted.
2919       *         @type string       $format  The format to be mapped to the value.
2920       *         @type string|false $charset The charset to be used for the value.
2921       *     }
2922       * }
2923       */
2924  	protected function process_field_charsets( $data, $table ) {
2925          foreach ( $data as $field => $value ) {
2926              if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
2927                  /*
2928                   * We can skip this field if we know it isn't a string.
2929                   * This checks %d/%f versus ! %s because its sprintf() could take more.
2930                   */
2931                  $value['charset'] = false;
2932              } else {
2933                  $value['charset'] = $this->get_col_charset( $table, $field );
2934                  if ( is_wp_error( $value['charset'] ) ) {
2935                      return false;
2936                  }
2937              }
2938  
2939              $data[ $field ] = $value;
2940          }
2941  
2942          return $data;
2943      }
2944  
2945      /**
2946       * For string fields, records the maximum string length that field can safely save.
2947       *
2948       * @since 4.2.1
2949       *
2950       * @param array $data {
2951       *     Array of values, formats, and charsets keyed by their field names,
2952       *     as it comes from the wpdb::process_field_charsets() method.
2953       *
2954       *     @type array ...$0 {
2955       *         Value, format, and charset for this field.
2956       *
2957       *         @type mixed        $value   The value to be formatted.
2958       *         @type string       $format  The format to be mapped to the value.
2959       *         @type string|false $charset The charset to be used for the value.
2960       *     }
2961       * }
2962       * @param string $table Table name.
2963       * @return array|false {
2964       *     The same array of data with additional 'length' keys, or false if
2965       *     information for the table cannot be found.
2966       *
2967       *     @type array ...$0 {
2968       *         Value, format, charset, and length for this field.
2969       *
2970       *         @type mixed        $value   The value to be formatted.
2971       *         @type string       $format  The format to be mapped to the value.
2972       *         @type string|false $charset The charset to be used for the value.
2973       *         @type array|false  $length  {
2974       *             Information about the maximum length of the value.
2975       *             False if the column has no length.
2976       *
2977       *             @type string $type   One of 'byte' or 'char'.
2978       *             @type int    $length The column length.
2979       *         }
2980       *     }
2981       * }
2982       */
2983  	protected function process_field_lengths( $data, $table ) {
2984          foreach ( $data as $field => $value ) {
2985              if ( '%d' === $value['format'] || '%f' === $value['format'] ) {
2986                  /*
2987                   * We can skip this field if we know it isn't a string.
2988                   * This checks %d/%f versus ! %s because its sprintf() could take more.
2989                   */
2990                  $value['length'] = false;
2991              } else {
2992                  $value['length'] = $this->get_col_length( $table, $field );
2993                  if ( is_wp_error( $value['length'] ) ) {
2994                      return false;
2995                  }
2996              }
2997  
2998              $data[ $field ] = $value;
2999          }
3000  
3001          return $data;
3002      }
3003  
3004      /**
3005       * Retrieves one value from the database.
3006       *
3007       * Executes a SQL query and returns the value from the SQL result.
3008       * If the SQL result contains more than one column and/or more than one row,
3009       * the value in the column and row specified is returned. If $query is null,
3010       * the value in the specified column and row from the previous SQL result is returned.
3011       *
3012       * @since 0.71
3013       *
3014       * @param string|null $query Optional. SQL query. Defaults to null, use the result from the previous query.
3015       * @param int         $x     Optional. Column of value to return. Indexed from 0. Default 0.
3016       * @param int         $y     Optional. Row of value to return. Indexed from 0. Default 0.
3017       * @return string|null Database query result (as string), or null on failure.
3018       */
3019  	public function get_var( $query = null, $x = 0, $y = 0 ) {
3020          $this->func_call = "\$db->get_var(\"$query\", $x, $y)";
3021  
3022          if ( $query ) {
3023              if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
3024                  $this->check_current_query = false;
3025              }
3026  
3027              $this->query( $query );
3028          }
3029  
3030          // Extract var out of cached results based on x,y vals.
3031          if ( ! empty( $this->last_result[ $y ] ) ) {
3032              $values = array_values( get_object_vars( $this->last_result[ $y ] ) );
3033          }
3034  
3035          // If there is a value return it, else return null.
3036          return ( isset( $values[ $x ] ) && '' !== $values[ $x ] ) ? $values[ $x ] : null;
3037      }
3038  
3039      /**
3040       * Retrieves one row from the database.
3041       *
3042       * Executes a SQL query and returns the row from the SQL result.
3043       *
3044       * @since 0.71
3045       *
3046       * @param string|null $query  SQL query.
3047       * @param string      $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which
3048       *                            correspond to an stdClass object, an associative array, or a numeric array,
3049       *                            respectively. Default OBJECT.
3050       * @param int         $y      Optional. Row to return. Indexed from 0. Default 0.
3051       * @return array|object|null|void Database query result in format specified by $output or null on failure.
3052       */
3053  	public function get_row( $query = null, $output = OBJECT, $y = 0 ) {
3054          $this->func_call = "\$db->get_row(\"$query\",$output,$y)";
3055  
3056          if ( $query ) {
3057              if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
3058                  $this->check_current_query = false;
3059              }
3060  
3061              $this->query( $query );
3062          } else {
3063              return null;
3064          }
3065  
3066          if ( ! isset( $this->last_result[ $y ] ) ) {
3067              return null;
3068          }
3069  
3070          if ( OBJECT === $output ) {
3071              return $this->last_result[ $y ] ? $this->last_result[ $y ] : null;
3072          } elseif ( ARRAY_A === $output ) {
3073              return $this->last_result[ $y ] ? get_object_vars( $this->last_result[ $y ] ) : null;
3074          } elseif ( ARRAY_N === $output ) {
3075              return $this->last_result[ $y ] ? array_values( get_object_vars( $this->last_result[ $y ] ) ) : null;
3076          } elseif ( OBJECT === strtoupper( $output ) ) {
3077              // Back compat for OBJECT being previously case-insensitive.
3078              return $this->last_result[ $y ] ? $this->last_result[ $y ] : null;
3079          } else {
3080              $this->print_error( ' $db->get_row(string query, output type, int offset) -- Output type must be one of: OBJECT, ARRAY_A, ARRAY_N' );
3081          }
3082      }
3083  
3084      /**
3085       * Retrieves one column from the database.
3086       *
3087       * Executes a SQL query and returns the column from the SQL result.
3088       * If the SQL result contains more than one column, the column specified is returned.
3089       * If $query is null, the specified column from the previous SQL result is returned.
3090       *
3091       * @since 0.71
3092       *
3093       * @param string|null $query Optional. SQL query. Defaults to previous query.
3094       * @param int         $x     Optional. Column to return. Indexed from 0. Default 0.
3095       * @return array Database query result. Array indexed from 0 by SQL result row number.
3096       */
3097  	public function get_col( $query = null, $x = 0 ) {
3098          if ( $query ) {
3099              if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
3100                  $this->check_current_query = false;
3101              }
3102  
3103              $this->query( $query );
3104          }
3105  
3106          $new_array = array();
3107          // Extract the column values.
3108          if ( $this->last_result ) {
3109              for ( $i = 0, $j = count( $this->last_result ); $i < $j; $i++ ) {
3110                  $new_array[ $i ] = $this->get_var( null, $x, $i );
3111              }
3112          }
3113          return $new_array;
3114      }
3115  
3116      /**
3117       * Retrieves an entire SQL result set from the database (i.e., many rows).
3118       *
3119       * Executes a SQL query and returns the entire SQL result.
3120       *
3121       * @since 0.71
3122       *
3123       * @param string $query  SQL query.
3124       * @param string $output Optional. Any of ARRAY_A | ARRAY_N | OBJECT | OBJECT_K constants.
3125       *                       With one of the first three, return an array of rows indexed
3126       *                       from 0 by SQL result row number. Each row is an associative array
3127       *                       (column => value, ...), a numerically indexed array (0 => value, ...),
3128       *                       or an object ( ->column = value ), respectively. With OBJECT_K,
3129       *                       return an associative array of row objects keyed by the value
3130       *                       of each row's first column's value. Duplicate keys are discarded.
3131       *                       Default OBJECT.
3132       * @return array|object|null Database query results.
3133       */
3134  	public function get_results( $query = null, $output = OBJECT ) {
3135          $this->func_call = "\$db->get_results(\"$query\", $output)";
3136  
3137          if ( $query ) {
3138              if ( $this->check_current_query && $this->check_safe_collation( $query ) ) {
3139                  $this->check_current_query = false;
3140              }
3141  
3142              $this->query( $query );
3143          } else {
3144              return null;
3145          }
3146  
3147          $new_array = array();
3148          if ( OBJECT === $output ) {
3149              // Return an integer-keyed array of row objects.
3150              return $this->last_result;
3151          } elseif ( OBJECT_K === $output ) {
3152              /*
3153               * Return an array of row objects with keys from column 1.
3154               * (Duplicates are discarded.)
3155               */
3156              if ( $this->last_result ) {
3157                  foreach ( $this->last_result as $row ) {
3158                      $var_by_ref = get_object_vars( $row );
3159                      $key        = array_shift( $var_by_ref );
3160                      if ( ! isset( $new_array[ $key ] ) ) {
3161                          $new_array[ $key ] = $row;
3162                      }
3163                  }
3164              }
3165              return $new_array;
3166          } elseif ( ARRAY_A === $output || ARRAY_N === $output ) {
3167              // Return an integer-keyed array of...
3168              if ( $this->last_result ) {
3169                  if ( ARRAY_N === $output ) {
3170                      foreach ( (array) $this->last_result as $row ) {
3171                          // ...integer-keyed row arrays.
3172                          $new_array[] = array_values( get_object_vars( $row ) );
3173                      }
3174                  } else {
3175                      foreach ( (array) $this->last_result as $row ) {
3176                          // ...column name-keyed row arrays.
3177                          $new_array[] = get_object_vars( $row );
3178                      }
3179                  }
3180              }
3181              return $new_array;
3182          } elseif ( strtoupper( $output ) === OBJECT ) {
3183              // Back compat for OBJECT being previously case-insensitive.
3184              return $this->last_result;
3185          }
3186          return null;
3187      }
3188  
3189      /**
3190       * Retrieves the character set for the given table.
3191       *
3192       * @since 4.2.0
3193       *
3194       * @param string $table Table name.
3195       * @return string|WP_Error Table character set, WP_Error object if it couldn't be found.
3196       */
3197  	protected function get_table_charset( $table ) {
3198          $tablekey = strtolower( $table );
3199  
3200          /**
3201           * Filters the table charset value before the DB is checked.
3202           *
3203           * Returning a non-null value from the filter will effectively short-circuit
3204           * checking the DB for the charset, returning that value instead.
3205           *
3206           * @since 4.2.0
3207           *
3208           * @param string|WP_Error|null $charset The character set to use, WP_Error object
3209           *                                      if it couldn't be found. Default null.
3210           * @param string               $table   The name of the table being checked.
3211           */
3212          $charset = apply_filters( 'pre_get_table_charset', null, $table );
3213          if ( null !== $charset ) {
3214              return $charset;
3215          }
3216  
3217          if ( isset( $this->table_charset[ $tablekey ] ) ) {
3218              return $this->table_charset[ $tablekey ];
3219          }
3220  
3221          $charsets = array();
3222          $columns  = array();
3223  
3224          $table_parts = explode( '.', $table );
3225          $table       = '`' . implode( '`.`', $table_parts ) . '`';
3226          $results     = $this->get_results( "SHOW FULL COLUMNS FROM $table" );
3227          if ( ! $results ) {
3228              return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ) );
3229          }
3230  
3231          foreach ( $results as $column ) {
3232              $columns[ strtolower( $column->Field ) ] = $column;
3233          }
3234  
3235          $this->col_meta[ $tablekey ] = $columns;
3236  
3237          foreach ( $columns as $column ) {
3238              if ( ! empty( $column->Collation ) ) {
3239                  list( $charset ) = explode( '_', $column->Collation );
3240  
3241                  $charsets[ strtolower( $charset ) ] = true;
3242              }
3243  
3244              list( $type ) = explode( '(', $column->Type );
3245  
3246              // A binary/blob means the whole query gets treated like this.
3247              if ( in_array( strtoupper( $type ), array( 'BINARY', 'VARBINARY', 'TINYBLOB', 'MEDIUMBLOB', 'BLOB', 'LONGBLOB' ), true ) ) {
3248                  $this->table_charset[ $tablekey ] = 'binary';
3249                  return 'binary';
3250              }
3251          }
3252  
3253          // utf8mb3 is an alias for utf8.
3254          if ( isset( $charsets['utf8mb3'] ) ) {
3255              $charsets['utf8'] = true;
3256              unset( $charsets['utf8mb3'] );
3257          }
3258  
3259          // Check if we have more than one charset in play.
3260          $count = count( $charsets );
3261          if ( 1 === $count ) {
3262              $charset = key( $charsets );
3263          } elseif ( 0 === $count ) {
3264              // No charsets, assume this table can store whatever.
3265              $charset = false;
3266          } else {
3267              // More than one charset. Remove latin1 if present and recalculate.
3268              unset( $charsets['latin1'] );
3269              $count = count( $charsets );
3270              if ( 1 === $count ) {
3271                  // Only one charset (besides latin1).
3272                  $charset = key( $charsets );
3273              } elseif ( 2 === $count && isset( $charsets['utf8'], $charsets['utf8mb4'] ) ) {
3274                  // Two charsets, but they're utf8 and utf8mb4, use utf8.
3275                  $charset = 'utf8';
3276              } else {
3277                  // Two mixed character sets. ascii.
3278                  $charset = 'ascii';
3279              }
3280          }
3281  
3282          $this->table_charset[ $tablekey ] = $charset;
3283          return $charset;
3284      }
3285  
3286      /**
3287       * Retrieves the character set for the given column.
3288       *
3289       * @since 4.2.0
3290       *
3291       * @param string $table  Table name.
3292       * @param string $column Column name.
3293       * @return string|false|WP_Error Column character set as a string. False if the column has
3294       *                               no character set. WP_Error object if there was an error.
3295       */
3296  	public function get_col_charset( $table, $column ) {
3297          $tablekey  = strtolower( $table );
3298          $columnkey = strtolower( $column );
3299  
3300          /**
3301           * Filters the column charset value before the DB is checked.
3302           *
3303           * Passing a non-null value to the filter will short-circuit
3304           * checking the DB for the charset, returning that value instead.
3305           *
3306           * @since 4.2.0
3307           *
3308           * @param string|null|false|WP_Error $charset The character set to use. Default null.
3309           * @param string                     $table   The name of the table being checked.
3310           * @param string                     $column  The name of the column being checked.
3311           */
3312          $charset = apply_filters( 'pre_get_col_charset', null, $table, $column );
3313          if ( null !== $charset ) {
3314              return $charset;
3315          }
3316  
3317          // Skip this entirely if this isn't a MySQL database.
3318          if ( empty( $this->is_mysql ) ) {
3319              return false;
3320          }
3321  
3322          if ( empty( $this->table_charset[ $tablekey ] ) ) {
3323              // This primes column information for us.
3324              $table_charset = $this->get_table_charset( $table );
3325              if ( is_wp_error( $table_charset ) ) {
3326                  return $table_charset;
3327              }
3328          }
3329  
3330          // If still no column information, return the table charset.
3331          if ( empty( $this->col_meta[ $tablekey ] ) ) {
3332              return $this->table_charset[ $tablekey ];
3333          }
3334  
3335          // If this column doesn't exist, return the table charset.
3336          if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
3337              return $this->table_charset[ $tablekey ];
3338          }
3339  
3340          // Return false when it's not a string column.
3341          if ( empty( $this->col_meta[ $tablekey ][ $columnkey ]->Collation ) ) {
3342              return false;
3343          }
3344  
3345          list( $charset ) = explode( '_', $this->col_meta[ $tablekey ][ $columnkey ]->Collation );
3346          return $charset;
3347      }
3348  
3349      /**
3350       * Retrieves the maximum string length allowed in a given column.
3351       *
3352       * The length may either be specified as a byte length or a character length.
3353       *
3354       * @since 4.2.1
3355       *
3356       * @param string $table  Table name.
3357       * @param string $column Column name.
3358       * @return array|false|WP_Error {
3359       *     Array of column length information, false if the column has no length (for
3360       *     example, numeric column), WP_Error object if there was an error.
3361       *
3362       *     @type string $type   One of 'byte' or 'char'.
3363       *     @type int    $length The column length.
3364       * }
3365       */
3366  	public function get_col_length( $table, $column ) {
3367          $tablekey  = strtolower( $table );
3368          $columnkey = strtolower( $column );
3369  
3370          // Skip this entirely if this isn't a MySQL database.
3371          if ( empty( $this->is_mysql ) ) {
3372              return false;
3373          }
3374  
3375          if ( empty( $this->col_meta[ $tablekey ] ) ) {
3376              // This primes column information for us.
3377              $table_charset = $this->get_table_charset( $table );
3378              if ( is_wp_error( $table_charset ) ) {
3379                  return $table_charset;
3380              }
3381          }
3382  
3383          if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) {
3384              return false;
3385          }
3386  
3387          $typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type );
3388  
3389          $type = strtolower( $typeinfo[0] );
3390          if ( ! empty( $typeinfo[1] ) ) {
3391              $length = trim( $typeinfo[1], ')' );
3392          } else {
3393              $length = false;
3394          }
3395  
3396          switch ( $type ) {
3397              case 'char':
3398              case 'varchar':
3399                  return array(
3400                      'type'   => 'char',
3401                      'length' => (int) $length,
3402                  );
3403  
3404              case 'binary':
3405              case 'varbinary':
3406                  return array(
3407                      'type'   => 'byte',
3408                      'length' => (int) $length,
3409                  );
3410  
3411              case 'tinyblob':
3412              case 'tinytext':
3413                  return array(
3414                      'type'   => 'byte',
3415                      'length' => 255,        // 2^8 - 1
3416                  );
3417  
3418              case 'blob':
3419              case 'text':
3420                  return array(
3421                      'type'   => 'byte',
3422                      'length' => 65535,      // 2^16 - 1
3423                  );
3424  
3425              case 'mediumblob':
3426              case 'mediumtext':
3427                  return array(
3428                      'type'   => 'byte',
3429                      'length' => 16777215,   // 2^24 - 1
3430                  );
3431  
3432              case 'longblob':
3433              case 'longtext':
3434                  return array(
3435                      'type'   => 'byte',
3436                      'length' => 4294967295, // 2^32 - 1
3437                  );
3438  
3439              default:
3440                  return false;
3441          }
3442      }
3443  
3444      /**
3445       * Checks if a string is ASCII.
3446       *
3447       * The negative regex is faster for non-ASCII strings, as it allows
3448       * the search to finish as soon as it encounters a non-ASCII character.
3449       *
3450       * @since 4.2.0
3451       *
3452       * @param string $input_string String to check.
3453       * @return bool True if ASCII, false if not.
3454       */
3455  	protected function check_ascii( $input_string ) {
3456          if ( function_exists( 'mb_check_encoding' ) ) {
3457              if ( mb_check_encoding( $input_string, 'ASCII' ) ) {
3458                  return true;
3459              }
3460          } elseif ( ! preg_match( '/[^\x00-\x7F]/', $input_string ) ) {
3461              return true;
3462          }
3463  
3464          return false;
3465      }
3466  
3467      /**
3468       * Checks if the query is accessing a collation considered safe on the current version of MySQL.
3469       *
3470       * @since 4.2.0
3471       *
3472       * @param string $query The query to check.
3473       * @return bool True if the collation is safe, false if it isn't.
3474       */
3475  	protected function check_safe_collation( $query ) {
3476          if ( $this->checking_collation ) {
3477              return true;
3478          }
3479  
3480          // We don't need to check the collation for queries that don't read data.
3481          $query = ltrim( $query, "\r\n\t (" );
3482          if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) {
3483              return true;
3484          }
3485  
3486          // All-ASCII queries don't need extra checking.
3487          if ( $this->check_ascii( $query ) ) {
3488              return true;
3489          }
3490  
3491          $table = $this->get_table_from_query( $query );
3492          if ( ! $table ) {
3493              return false;
3494          }
3495  
3496          $this->checking_collation = true;
3497          $collation                = $this->get_table_charset( $table );
3498          $this->checking_collation = false;
3499  
3500          // Tables with no collation, or latin1 only, don't need extra checking.
3501          if ( false === $collation || 'latin1' === $collation ) {
3502              return true;
3503          }
3504  
3505          $table = strtolower( $table );
3506          if ( empty( $this->col_meta[ $table ] ) ) {
3507              return false;
3508          }
3509  
3510          // If any of the columns don't have one of these collations, it needs more confidence checking.
3511          $safe_collations = array(
3512              'utf8_bin',
3513              'utf8_general_ci',
3514              'utf8mb3_bin',
3515              'utf8mb3_general_ci',
3516              'utf8mb4_bin',
3517              'utf8mb4_general_ci',
3518          );
3519  
3520          foreach ( $this->col_meta[ $table ] as $col ) {
3521              if ( empty( $col->Collation ) ) {
3522                  continue;
3523              }
3524  
3525              if ( ! in_array( $col->Collation, $safe_collations, true ) ) {
3526                  return false;
3527              }
3528          }
3529  
3530          return true;
3531      }
3532  
3533      /**
3534       * Strips any invalid characters based on value/charset pairs.
3535       *
3536       * @since 4.2.0
3537       *
3538       * @param array $data Array of value arrays. Each value array has the keys 'value', 'charset', and 'length'.
3539       *                    An optional 'ascii' key can be set to false to avoid redundant ASCII checks.
3540       * @return array|WP_Error The $data parameter, with invalid characters removed from each value.
3541       *                        This works as a passthrough: any additional keys such as 'field' are
3542       *                        retained in each value array. If we cannot remove invalid characters,
3543       *                        a WP_Error object is returned.
3544       */
3545  	protected function strip_invalid_text( $data ) {
3546          $db_check_string = false;
3547  
3548          foreach ( $data as &$value ) {
3549              $charset = $value['charset'];
3550  
3551              if ( is_array( $value['length'] ) ) {
3552                  $length                  = $value['length']['length'];
3553                  $truncate_by_byte_length = 'byte' === $value['length']['type'];
3554              } else {
3555                  $length = false;
3556                  /*
3557                   * Since we have no length, we'll never truncate. Initialize the variable to false.
3558                   * True would take us through an unnecessary (for this case) codepath below.
3559                   */
3560                  $truncate_by_byte_length = false;
3561              }
3562  
3563              // There's no charset to work with.
3564              if ( false === $charset ) {
3565                  continue;
3566              }
3567  
3568              // Column isn't a string.
3569              if ( ! is_string( $value['value'] ) ) {
3570                  continue;
3571              }
3572  
3573              $needs_validation = true;
3574              if (
3575                  // latin1 can store any byte sequence.
3576                  'latin1' === $charset
3577              ||
3578                  // ASCII is always OK.
3579                  ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) )
3580              ) {
3581                  $truncate_by_byte_length = true;
3582                  $needs_validation        = false;
3583              }
3584  
3585              if ( $truncate_by_byte_length ) {
3586                  mbstring_binary_safe_encoding();
3587                  if ( false !== $length && strlen( $value['value'] ) > $length ) {
3588                      $value['value'] = substr( $value['value'], 0, $length );
3589                  }
3590                  reset_mbstring_encoding();
3591  
3592                  if ( ! $needs_validation ) {
3593                      continue;
3594                  }
3595              }
3596  
3597              // utf8 can be handled by regex, which is a bunch faster than a DB lookup.
3598              if ( ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) && function_exists( 'mb_strlen' ) ) {
3599                  $regex = '/
3600                      (
3601                          (?: [\x00-\x7F]                  # single-byte sequences   0xxxxxxx
3602                          |   [\xC2-\xDF][\x80-\xBF]       # double-byte sequences   110xxxxx 10xxxxxx
3603                          |   \xE0[\xA0-\xBF][\x80-\xBF]   # triple-byte sequences   1110xxxx 10xxxxxx * 2
3604                          |   [\xE1-\xEC][\x80-\xBF]{2}
3605                          |   \xED[\x80-\x9F][\x80-\xBF]
3606                          |   [\xEE-\xEF][\x80-\xBF]{2}';
3607  
3608                  if ( 'utf8mb4' === $charset ) {
3609                      $regex .= '
3610                          |    \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences   11110xxx 10xxxxxx * 3
3611                          |    [\xF1-\xF3][\x80-\xBF]{3}
3612                          |    \xF4[\x80-\x8F][\x80-\xBF]{2}
3613                      ';
3614                  }
3615  
3616                  $regex         .= '){1,40}                          # ...one or more times
3617                      )
3618                      | .                                  # anything else
3619                      /x';
3620                  $value['value'] = preg_replace( $regex, '$1', $value['value'] );
3621  
3622                  if ( false !== $length && mb_strlen( $value['value'], 'UTF-8' ) > $length ) {
3623                      $value['value'] = mb_substr( $value['value'], 0, $length, 'UTF-8' );
3624                  }
3625                  continue;
3626              }
3627  
3628              // We couldn't use any local conversions, send it to the DB.
3629              $value['db']     = true;
3630              $db_check_string = true;
3631          }
3632          unset( $value ); // Remove by reference.
3633  
3634          if ( $db_check_string ) {
3635              $queries = array();
3636              foreach ( $data as $col => $value ) {
3637                  if ( ! empty( $value['db'] ) ) {
3638                      // We're going to need to truncate by characters or bytes, depending on the length value we have.
3639                      if ( isset( $value['length']['type'] ) && 'byte' === $value['length']['type'] ) {
3640                          // Using binary causes LEFT() to truncate by bytes.
3641                          $charset = 'binary';
3642                      } else {
3643                          $charset = $value['charset'];
3644                      }
3645  
3646                      if ( $this->charset ) {
3647                          $connection_charset = $this->charset;
3648                      } else {
3649                          $connection_charset = mysqli_character_set_name( $this->dbh );
3650                      }
3651  
3652                      if ( is_array( $value['length'] ) ) {
3653                          $length          = sprintf( '%.0f', $value['length']['length'] );
3654                          $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), $length ) USING $connection_charset )", $value['value'] );
3655                      } elseif ( 'binary' !== $charset ) {
3656                          // If we don't have a length, there's no need to convert binary - it will always return the same result.
3657                          $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING $connection_charset )", $value['value'] );
3658                      }
3659  
3660                      unset( $data[ $col ]['db'] );
3661                  }
3662              }
3663  
3664              $sql = array();
3665              foreach ( $queries as $column => $query ) {
3666                  if ( ! $query ) {
3667                      continue;
3668                  }
3669  
3670                  $sql[] = $query . " AS x_$column";
3671              }
3672  
3673              $this->check_current_query = false;
3674              $row                       = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A );
3675              if ( ! $row ) {
3676                  return new WP_Error( 'wpdb_strip_invalid_text_failure', __( 'Could not strip invalid text.' ) );
3677              }
3678  
3679              foreach ( array_keys( $data ) as $column ) {
3680                  if ( isset( $row[ "x_$column" ] ) ) {
3681                      $data[ $column ]['value'] = $row[ "x_$column" ];
3682                  }
3683              }
3684          }
3685  
3686          return $data;
3687      }
3688  
3689      /**
3690       * Strips any invalid characters from the query.
3691       *
3692       * @since 4.2.0
3693       *
3694       * @param string $query Query to convert.
3695       * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails.
3696       */
3697  	protected function strip_invalid_text_from_query( $query ) {
3698          // We don't need to check the collation for queries that don't read data.
3699          $trimmed_query = ltrim( $query, "\r\n\t (" );
3700          if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) {
3701              return $query;
3702          }
3703  
3704          $table = $this->get_table_from_query( $query );
3705          if ( $table ) {
3706              $charset = $this->get_table_charset( $table );
3707              if ( is_wp_error( $charset ) ) {
3708                  return $charset;
3709              }
3710  
3711              // We can't reliably strip text from tables containing binary/blob columns.
3712              if ( 'binary' === $charset ) {
3713                  return $query;
3714              }
3715          } else {
3716              $charset = $this->charset;
3717          }
3718  
3719          $data = array(
3720              'value'   => $query,
3721              'charset' => $charset,
3722              'ascii'   => false,
3723              'length'  => false,
3724          );
3725  
3726          $data = $this->strip_invalid_text( array( $data ) );
3727          if ( is_wp_error( $data ) ) {
3728              return $data;
3729          }
3730  
3731          return $data[0]['value'];
3732      }
3733  
3734      /**
3735       * Strips any invalid characters from the string for a given table and column.
3736       *
3737       * @since 4.2.0
3738       *
3739       * @param string $table  Table name.
3740       * @param string $column Column name.
3741       * @param string $value  The text to check.
3742       * @return string|WP_Error The converted string, or a WP_Error object if the conversion fails.
3743       */
3744  	public function strip_invalid_text_for_column( $table, $column, $value ) {
3745          if ( ! is_string( $value ) ) {
3746              return $value;
3747          }
3748  
3749          $charset = $this->get_col_charset( $table, $column );
3750          if ( ! $charset ) {
3751              // Not a string column.
3752              return $value;
3753          } elseif ( is_wp_error( $charset ) ) {
3754              // Bail on real errors.
3755              return $charset;
3756          }
3757  
3758          $data = array(
3759              $column => array(
3760                  'value'   => $value,
3761                  'charset' => $charset,
3762                  'length'  => $this->get_col_length( $table, $column ),
3763              ),
3764          );
3765  
3766          $data = $this->strip_invalid_text( $data );
3767          if ( is_wp_error( $data ) ) {
3768              return $data;
3769          }
3770  
3771          return $data[ $column ]['value'];
3772      }
3773  
3774      /**
3775       * Finds the first table name referenced in a query.
3776       *
3777       * @since 4.2.0
3778       *
3779       * @param string $query The query to search.
3780       * @return string|false The table name found, or false if a table couldn't be found.
3781       */
3782  	protected function get_table_from_query( $query ) {
3783          // Remove characters that can legally trail the table name.
3784          $query = rtrim( $query, ';/-#' );
3785  
3786          // Allow (select...) union [...] style queries. Use the first query's table name.
3787          $query = ltrim( $query, "\r\n\t (" );
3788  
3789          // Strip everything between parentheses except nested selects.
3790          $query = preg_replace( '/\((?!\s*select)[^(]*?\)/is', '()', $query );
3791  
3792          // Quickly match most common queries.
3793          if ( preg_match(
3794              '/^\s*(?:'
3795                  . 'SELECT.*?\s+FROM'
3796                  . '|INSERT(?:\s+LOW_PRIORITY|\s+DELAYED|\s+HIGH_PRIORITY)?(?:\s+IGNORE)?(?:\s+INTO)?'
3797                  . '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?'
3798                  . '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?'
3799                  . '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:.+?FROM)?'
3800              . ')\s+((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)/is',
3801              $query,
3802              $maybe
3803          ) ) {
3804              return str_replace( '`', '', $maybe[1] );
3805          }
3806  
3807          // SHOW TABLE STATUS and SHOW TABLES WHERE Name = 'wp_posts'
3808          if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES).+WHERE\s+Name\s*=\s*("|\')((?:[0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)\\1/is', $query, $maybe ) ) {
3809              return $maybe[2];
3810          }
3811  
3812          /*
3813           * SHOW TABLE STATUS LIKE and SHOW TABLES LIKE 'wp\_123\_%'
3814           * This quoted LIKE operand seldom holds a full table name.
3815           * It is usually a pattern for matching a prefix so we just
3816           * strip the trailing % and unescape the _ to get 'wp_123_'
3817           * which drop-ins can use for routing these SQL statements.
3818           */
3819          if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES)\s+(?:WHERE\s+Name\s+)?LIKE\s*("|\')((?:[\\\\0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)%?\\1/is', $query, $maybe ) ) {
3820              return str_replace( '\\_', '_', $maybe[2] );
3821          }
3822  
3823          // Big pattern for the rest of the table-related queries.
3824          if ( preg_match(
3825              '/^\s*(?:'
3826                  . '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM'
3827                  . '|DESCRIBE|DESC|EXPLAIN|HANDLER'
3828                  . '|(?:LOCK|UNLOCK)\s+TABLE(?:S)?'
3829                  . '|(?:RENAME|OPTIMIZE|BACKUP|RESTORE|CHECK|CHECKSUM|ANALYZE|REPAIR).*\s+TABLE'
3830                  . '|TRUNCATE(?:\s+TABLE)?'
3831                  . '|CREATE(?:\s+TEMPORARY)?\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?'
3832                  . '|ALTER(?:\s+IGNORE)?\s+TABLE'
3833                  . '|DROP\s+TABLE(?:\s+IF\s+EXISTS)?'
3834                  . '|CREATE(?:\s+\w+)?\s+INDEX.*\s+ON'
3835                  . '|DROP\s+INDEX.*\s+ON'
3836                  . '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE'
3837                  . '|(?:GRANT|REVOKE).*ON\s+TABLE'
3838                  . '|SHOW\s+(?:.*FROM|.*TABLE)'
3839              . ')\s+\(*\s*((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\s*\)*/is',
3840              $query,
3841              $maybe
3842          ) ) {
3843              return str_replace( '`', '', $maybe[1] );
3844          }
3845  
3846          return false;
3847      }
3848  
3849      /**
3850       * Loads the column metadata from the last query.
3851       *
3852       * @since 3.5.0
3853       */
3854  	protected function load_col_info() {
3855          if ( $this->col_info ) {
3856              return;
3857          }
3858  
3859          $num_fields = mysqli_num_fields( $this->result );
3860  
3861          for ( $i = 0; $i < $num_fields; $i++ ) {
3862              $this->col_info[ $i ] = mysqli_fetch_field( $this->result );
3863          }
3864      }
3865  
3866      /**
3867       * Retrieves column metadata from the last query.
3868       *
3869       * @since 0.71
3870       *
3871       * @param string $info_type  Optional. Possible values include 'name', 'table', 'def', 'max_length',
3872       *                           'not_null', 'primary_key', 'multiple_key', 'unique_key', 'numeric',
3873       *                           'blob', 'type', 'unsigned', 'zerofill'. Default 'name'.
3874       * @param int    $col_offset Optional. 0: col name. 1: which table the col's in. 2: col's max length.
3875       *                           3: if the col is numeric. 4: col's type. Default -1.
3876       * @return mixed Column results.
3877       */
3878  	public function get_col_info( $info_type = 'name', $col_offset = -1 ) {
3879          $this->load_col_info();
3880  
3881          if ( $this->col_info ) {
3882              if ( -1 === $col_offset ) {
3883                  $i         = 0;
3884                  $new_array = array();
3885                  foreach ( (array) $this->col_info as $col ) {
3886                      $new_array[ $i ] = $col->{$info_type};
3887                      ++$i;
3888                  }
3889                  return $new_array;
3890              } else {
3891                  return $this->col_info[ $col_offset ]->{$info_type};
3892              }
3893          }
3894      }
3895  
3896      /**
3897       * Starts the timer, for debugging purposes.
3898       *
3899       * @since 1.5.0
3900       *
3901       * @return true
3902       */
3903  	public function timer_start() {
3904          $this->time_start = microtime( true );
3905          return true;
3906      }
3907  
3908      /**
3909       * Stops the debugging timer.
3910       *
3911       * @since 1.5.0
3912       *
3913       * @return float Total time spent on the query, in seconds.
3914       */
3915  	public function timer_stop() {
3916          return ( microtime( true ) - $this->time_start );
3917      }
3918  
3919      /**
3920       * Wraps errors in a nice header and footer and dies.
3921       *
3922       * Will not die if wpdb::$show_errors is false.
3923       *
3924       * @since 1.5.0
3925       *
3926       * @param string $message    The error message.
3927       * @param string $error_code Optional. A computer-readable string to identify the error.
3928       *                           Default '500'.
3929       * @return void|false Void if the showing of errors is enabled, false if disabled.
3930       */
3931  	public function bail( $message, $error_code = '500' ) {
3932          if ( $this->show_errors ) {
3933              $error = '';
3934  
3935              if ( $this->dbh instanceof mysqli ) {
3936                  $error = mysqli_error( $this->dbh );
3937              } elseif ( mysqli_connect_errno() ) {
3938                  $error = mysqli_connect_error();
3939              }
3940  
3941              if ( $error ) {
3942                  $message = '<p><code>' . $error . "</code></p>\n" . $message;
3943              }
3944  
3945              wp_die( $message );
3946          } else {
3947              if ( class_exists( 'WP_Error', false ) ) {
3948                  $this->error = new WP_Error( $error_code, $message );
3949              } else {
3950                  $this->error = $message;
3951              }
3952  
3953              return false;
3954          }
3955      }
3956  
3957      /**
3958       * Closes the current database connection.
3959       *
3960       * @since 4.5.0
3961       *
3962       * @return bool True if the connection was successfully closed,
3963       *              false if it wasn't, or if the connection doesn't exist.
3964       */
3965  	public function close() {
3966          if ( ! $this->dbh ) {
3967              return false;
3968          }
3969  
3970          $closed = mysqli_close( $this->dbh );
3971  
3972          if ( $closed ) {
3973              $this->dbh           = null;
3974              $this->ready         = false;
3975              $this->has_connected = false;
3976          }
3977  
3978          return $closed;
3979      }
3980  
3981      /**
3982       * Determines whether MySQL database is at least the required minimum version.
3983       *
3984       * @since 2.5.0
3985       *
3986       * @global string $required_mysql_version The required MySQL version string.
3987       * @return void|WP_Error
3988       */
3989  	public function check_database_version() {
3990          global $required_mysql_version;
3991          $wp_version = wp_get_wp_version();
3992  
3993          // Make sure the server has the required MySQL version.
3994          if ( version_compare( $this->db_version(), $required_mysql_version, '<' ) ) {
3995              /* translators: 1: WordPress version number, 2: Minimum required MySQL version number. */
3996              return new WP_Error( 'database_version', sprintf( __( '<strong>Error:</strong> WordPress %1$s requires MySQL %2$s or higher' ), $wp_version, $required_mysql_version ) );
3997          }
3998      }
3999  
4000      /**
4001       * Determines whether the database supports collation.
4002       *
4003       * Called when WordPress is generating the table scheme.
4004       *
4005       * Use `wpdb::has_cap( 'collation' )`.
4006       *
4007       * @since 2.5.0
4008       * @deprecated 3.5.0 Use wpdb::has_cap()
4009       *
4010       * @return bool True if collation is supported, false if not.
4011       */
4012  	public function supports_collation() {
4013          _deprecated_function( __FUNCTION__, '3.5.0', 'wpdb::has_cap( \'collation\' )' );
4014          return $this->has_cap( 'collation' );
4015      }
4016  
4017      /**
4018       * Retrieves the database character collate.
4019       *
4020       * @since 3.5.0
4021       *
4022       * @return string The database character collate.
4023       */
4024  	public function get_charset_collate() {
4025          $charset_collate = '';
4026  
4027          if ( ! empty( $this->charset ) ) {
4028              $charset_collate = "DEFAULT CHARACTER SET $this->charset";
4029          }
4030          if ( ! empty( $this->collate ) ) {
4031              $charset_collate .= " COLLATE $this->collate";
4032          }
4033  
4034          return $charset_collate;
4035      }
4036  
4037      /**
4038       * Determines whether the database or WPDB supports a particular feature.
4039       *
4040       * Capability sniffs for the database server and current version of WPDB.
4041       *
4042       * Database sniffs are based on the version of MySQL the site is using.
4043       *
4044       * WPDB sniffs are added as new features are introduced to allow theme and plugin
4045       * developers to determine feature support. This is to account for drop-ins which may
4046       * introduce feature support at a different time to WordPress.
4047       *
4048       * @since 2.7.0
4049       * @since 4.1.0 Added support for the 'utf8mb4' feature.
4050       * @since 4.6.0 Added support for the 'utf8mb4_520' feature.
4051       * @since 6.2.0 Added support for the 'identifier_placeholders' feature.
4052       * @since 6.6.0 The `utf8mb4` feature now always returns true.
4053       *
4054       * @see wpdb::db_version()
4055       *
4056       * @param string $db_cap The feature to check for. Accepts 'collation', 'group_concat',
4057       *                       'subqueries', 'set_charset', 'utf8mb4', 'utf8mb4_520',
4058       *                       or 'identifier_placeholders'.
4059       * @return bool True when the database feature is supported, false otherwise.
4060       */
4061  	public function has_cap( $db_cap ) {
4062          $db_version     = $this->db_version();
4063          $db_server_info = $this->db_server_info();
4064  
4065          /*
4066           * Account for MariaDB version being prefixed with '5.5.5-' on older PHP versions.
4067           *
4068           * Note: str_contains() is not used here, as this file can be included
4069           * directly outside of WordPress core, e.g. by HyperDB, in which case
4070           * the polyfills from wp-includes/compat.php are not loaded.
4071           */
4072          if ( '5.5.5' === $db_version && false !== strpos( $db_server_info, 'MariaDB' )
4073              && PHP_VERSION_ID < 80016 // PHP 8.0.15 or older.
4074          ) {
4075              // Strip the '5.5.5-' prefix and set the version to the correct value.
4076              $db_server_info = preg_replace( '/^5\.5\.5-(.*)/', '$1', $db_server_info );
4077              $db_version     = preg_replace( '/[^0-9.].*/', '', $db_server_info );
4078          }
4079  
4080          switch ( strtolower( $db_cap ) ) {
4081              case 'collation':    // @since 2.5.0
4082              case 'group_concat': // @since 2.7.0
4083              case 'subqueries':   // @since 2.7.0
4084                  return version_compare( $db_version, '4.1', '>=' );
4085              case 'set_charset':
4086                  return version_compare( $db_version, '5.0.7', '>=' );
4087              case 'utf8mb4':      // @since 4.1.0
4088                  return true;
4089              case 'utf8mb4_520': // @since 4.6.0
4090                  return version_compare( $db_version, '5.6', '>=' );
4091              case 'identifier_placeholders': // @since 6.2.0
4092                  /*
4093                   * As of WordPress 6.2, wpdb::prepare() supports identifiers via '%i',
4094                   * e.g. table/field names.
4095                   */
4096                  return true;
4097          }
4098  
4099          return false;
4100      }
4101  
4102      /**
4103       * Retrieves a comma-separated list of the names of the functions that called wpdb.
4104       *
4105       * @since 2.5.0
4106       *
4107       * @return string Comma-separated list of the calling functions.
4108       */
4109  	public function get_caller() {
4110          return wp_debug_backtrace_summary( __CLASS__ );
4111      }
4112  
4113      /**
4114       * Retrieves the database server version.
4115       *
4116       * @since 2.7.0
4117       *
4118       * @return string|null Version number on success, null on failure.
4119       */
4120  	public function db_version() {
4121          return preg_replace( '/[^0-9.].*/', '', $this->db_server_info() );
4122      }
4123  
4124      /**
4125       * Returns the version of the MySQL server.
4126       *
4127       * @since 5.5.0
4128       *
4129       * @return string Server version as a string.
4130       */
4131  	public function db_server_info() {
4132          return mysqli_get_server_info( $this->dbh );
4133      }
4134  }


Generated : Sat Dec 21 08:20:01 2024 Cross-referenced by PHPXref