警告:wpdb::prepare() 缺少参数 2， [英] Warning: Missing argument 2 for wpdb::prepare(),

问题描述

我两天前升级到 Wordpress 3.5.我不使用很多插件，GoDaddy 向我保证我的插件工作正常.但是，我第一次在我的博客文章中收到此错误消息.

I upgraded to Wordpress 3.5 two days ago. I don't use many plug ins, and GoDaddy assures me my plugins are working correctly. However, I'm getting this error message on my blog posts for the first time ever.

你能帮我解决这个问题吗?

Can you please help me resolve this?

警告:wpdb::prepare() 缺少参数 2，在第 91 行的/home/content/52/8331652/html/wp-content/themes/chateau-2.0/functions.php 中调用并在/home 中定义/content/52/8331652/html/wp-includes/wp-db.php 第 990 行

Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/52/8331652/html/wp-content/themes/chateau-2.0/functions.php on line 91 and defined in /home/content/52/8331652/html/wp-includes/wp-db.php on line 990

这里是其中一个页面在帖子顶部的屏幕右侧有此问题.

Here is one of the pages that has this problem on the right side of the screen at the top of the post.

感谢您提供的任何见解.

Thanks for any insight you can provide.

推荐答案

WordPress 3.5 进行了一些重大更改以降低某些安全风险，例如 SQL 注入.wpdb::prepare 方法被不安全地使用，因为插件开发人员发送完整的查询而不是分离参数.这意味着准备好的"语句没有准备好，实际上是直接将参数传递到查询中，这是一个安全禁忌.从 3.5 开始，此方法现在接受三个参数.

WordPress 3.5 had some major changes made to reduce certain security risks, such as SQL Injection. The wpdb::prepare method was being used insecurely as plug-in developers were sending complete queries instead of separating out the arguments. This meant that the 'prepared' statements were not prepared, and were actually passing parameters into the query directly, which is a security no-no. As of 3.5, this method now takes three arguments.

要解决您当前的问题，请编辑您的 php.ini 文件，找到 error_reporting 行并将其更改为以下内容...

To counter your immediate issue, edit your php.ini file, find the line for error_reporting and change it to the following...

error_reporting(E_ALL & ~(E_NOTICE|E_WARNING));

重启你的服务器.

这将防止报告所有轻微的脚本错误.

This will prevent all minor script errors from being reported.

或者，将错误发送到日志文件.在 php.ini 中，找到这一行(取消注释)，并将其更改为...

Alternatively, send errors to a log file. In php.ini, find this line (uncomment it), and change it to...

error_log "/path/to/php-error.log"

这将防止错误显示在您的网站上.相反，它们将被写入只有您可以看到的日志中.

That will prevent errors from being displayed on your web site. Instead they will be written to a log that only you can see.

如果此错误困扰您，您可以尝试让流氓插件使用虚拟值.我们可以看到 wpdb::prepare 方法接受三个参数...

If this error bothers you, you could attempt to have the rogue plug-in use dummy values. We can see that the wpdb::prepare method takes three arguments...

$wpdb->query( 
    $wpdb->prepare( 
        "
            DELETE FROM $wpdb->postmeta
            WHERE post_id = %d
            AND meta_key = %s
        ",
        13, 'stack overflow' 
    )
);

通过让受影响的插件发送一个null作为方法中的第二个和第三个参数，它将彻底解决问题.

By making the affected plug-in send a null as the second and third argument in the method, it will fix the problem completely.

这篇关于警告:wpdb::prepare() 缺少参数 2，的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！