Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Warning: Missing argument 2 for wpdb::prepare(),

Tags:

php

wordpress

I upgraded to Wordpress 3.5 two days ago. I don't use many plug ins, and GoDaddy assures me my plugins are working correctly. However, I'm getting this error message on my blog posts for the first time ever.

Can you please help me resolve this?

Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/52/8331652/html/wp-content/themes/chateau-2.0/functions.php on line 91 and defined in /home/content/52/8331652/html/wp-includes/wp-db.php on line 990

Here is one of the pages that has this problem on the right side of the screen at the top of the post.

Thanks for any insight you can provide.

like image 396
Christy Canterbury MW Avatar asked Dec 19 '12 15:12

Christy Canterbury MW

2 Answers

WordPress 3.5 had some major changes made to reduce certain security risks, such as SQL Injection. The wpdb::prepare method was being used insecurely as plug-in developers were sending complete queries instead of separating out the arguments. This meant that the 'prepared' statements were not prepared, and were actually passing parameters into the query directly, which is a security no-no. As of 3.5, this method now takes three arguments.

To counter your immediate issue, edit your php.ini file, find the line for error_reporting and change it to the following...

error_reporting(E_ALL & ~(E_NOTICE|E_WARNING));

Restart your server.

This will prevent all minor script errors from being reported.

Alternatively, send errors to a log file. In php.ini, find this line (uncomment it), and change it to...

error_log "/path/to/php-error.log"

That will prevent errors from being displayed on your web site. Instead they will be written to a log that only you can see.

If this error bothers you, you could attempt to have the rogue plug-in use dummy values. We can see that the wpdb::prepare method takes three arguments...

$wpdb->query( 
    $wpdb->prepare( 
        "
            DELETE FROM $wpdb->postmeta
            WHERE post_id = %d
            AND meta_key = %s
        ",
        13, 'stack overflow' 
    )
);

By making the affected plug-in send a null as the second and third argument in the method, it will fix the problem completely.

like image 77
Ian Atkin Avatar answered Sep 23 '22 15:09

Ian Atkin

In wp-config.php add this line:

@ini_set('display_errors', 0);

Your theme/plugin does not access the new WordPress API properly. It will still work but generate the error warning. Check out the longer explanation.

like image 43
Alex L Avatar answered Sep 22 '22 15:09

Alex L
Sign in to Comment

Related questions

WAMP Uploading large File
show stack trace in yii framework
Is it possible to check if a value exists inside an array full of objects without looping?
Requested unknown parameter '1' from the data source for row 0 in DataTables
PHP Directory Permissions Check
Converting an AM/PM time to 24 hours format using PHP or MySQL?
Convert index to grid coordinate mathematically
Login with Google Plus on My Website
How to get the innerText of an element with SimpleXml
How to add salt in user password?
PHPExcel specific cell formatting from style object
Secure file download in PHP, deny user without permission
Parse Months In Russian
Getting $_POST with Joomla 2.5
How to automatically generate salt for crypt method with blowfish
MySQLi query returns only one row
Only show if not included?
Sql select multiple values from another query
How to call a function on a variable in PHP?
Zend Framework 2 - Integer Form Validation

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!