Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Warning: Missing argument 2 for wpdb::prepare(),

Tags:

php

wordpress

I upgraded to Wordpress 3.5 two days ago. I don't use many plug ins, and GoDaddy assures me my plugins are working correctly. However, I'm getting this error message on my blog posts for the first time ever.

Can you please help me resolve this?

Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/52/8331652/html/wp-content/themes/chateau-2.0/functions.php on line 91 and defined in /home/content/52/8331652/html/wp-includes/wp-db.php on line 990

Here is one of the pages that has this problem on the right side of the screen at the top of the post.

Thanks for any insight you can provide.

like image 396
Christy Canterbury MW Avatar asked Dec 19 '12 15:12

Christy Canterbury MW


2 Answers

WordPress 3.5 had some major changes made to reduce certain security risks, such as SQL Injection. The wpdb::prepare method was being used insecurely as plug-in developers were sending complete queries instead of separating out the arguments. This meant that the 'prepared' statements were not prepared, and were actually passing parameters into the query directly, which is a security no-no. As of 3.5, this method now takes three arguments.

To counter your immediate issue, edit your php.ini file, find the line for error_reporting and change it to the following...

error_reporting(E_ALL & ~(E_NOTICE|E_WARNING));

Restart your server.

This will prevent all minor script errors from being reported.

Alternatively, send errors to a log file. In php.ini, find this line (uncomment it), and change it to...

error_log "/path/to/php-error.log"

That will prevent errors from being displayed on your web site. Instead they will be written to a log that only you can see.

If this error bothers you, you could attempt to have the rogue plug-in use dummy values. We can see that the wpdb::prepare method takes three arguments...

$wpdb->query( 
    $wpdb->prepare( 
        "
            DELETE FROM $wpdb->postmeta
            WHERE post_id = %d
            AND meta_key = %s
        ",
        13, 'stack overflow' 
    )
);

By making the affected plug-in send a null as the second and third argument in the method, it will fix the problem completely.

like image 77
Ian Atkin Avatar answered Sep 23 '22 15:09

Ian Atkin


In wp-config.php add this line:

@ini_set('display_errors', 0);

Your theme/plugin does not access the new WordPress API properly. It will still work but generate the error warning. Check out the longer explanation.

like image 43
Alex L Avatar answered Sep 22 '22 15:09

Alex L