Use wpdb prepare instead of sanitize text field

ZeekInteractive · Jun 29, 2017 · d5757ca · d5757ca
1 parent 434d873
commit d5757ca
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/composer.json b/composer.json
@@ -1,7 +1,7 @@
 {
 	"name": "zeek/wp-utils",
 	"description": "A collection of functions that provide utility functionality for WordPress.",
-	"version": "0.4.0",
+	"version": "0.4.1",
 	"type": "library",
 	"license": "proprietary",
 	"authors": [

diff --git a/utils.php b/utils.php
@@ -78,19 +78,26 @@ function get_id_from_slug( $slug, $post_type = 'post', $force = false ) {
  *
  * @return int
  */
+/**
+ * Performs a very direct, simple query that bypasses the normal WP caching
+ *
+ * @param $key
+ *
+ * @return int
+ */
 function get_raw_option_value( $key ) {
 	global $wpdb;
 
-	$sql = sprintf( "
+	$sql = $wpdb->prepare( "
 		SELECT 
 			option_value 
 		FROM 
-			wp_options 
+			{$wpdb->options}
 		WHERE 
-			option_name = '%s' 
+			option_name = %s
 		LIMIT 1
 		",
-		sanitize_text_field( $key )
+		$key
 	);
 
 	$version = $wpdb->get_var( $sql );