Mini Shell

Direktori : /home/admin/web/mcpv.demarco.ddnsfree.com/public_html/wp-includes/

Current File : /home/admin/web/mcpv.demarco.ddnsfree.com/public_html/wp-includes/class-wpdb.php

<?php /** * WordPress database access abstraction class. * * Original code from {@link http://php.justinvincent.com Justin Vincent (justin@visunet.ie)} * * @package WordPress * @subpackage Database * @since 0.71 */ /** * @since 0.71 */ define( 'EZSQL_VERSION', 'WP1.25' ); /** * @since 0.71 */ define( 'OBJECT', 'OBJECT' ); // phpcs:ignore Generic.NamingConventions.UpperCaseConstantName.ConstantNotUpperCase define( 'object', 'OBJECT' ); // Back compat. /** * @since 2.5.0 */ define( 'OBJECT_K', 'OBJECT_K' ); /** * @since 0.71 */ define( 'ARRAY_A', 'ARRAY_A' ); /** * @since 0.71 */ define( 'ARRAY_N', 'ARRAY_N' ); /** * WordPress database access abstraction class. * * This class is used to interact with a database without needing to use raw SQL statements. * By default, WordPress uses this class to instantiate the global $wpdb object, providing * access to the WordPress database. * * It is possible to replace this class with your own by setting the $wpdb global variable * in wp-content/db.php file to your class. The wpdb class will still be included, so you can * extend it or simply use your own. * * @link https://developer.wordpress.org/reference/classes/wpdb/ * * @since 0.71 */ #[AllowDynamicProperties] class wpdb { /** * Whether to show SQL/DB errors. * * Default is to show errors if both WP_DEBUG and WP_DEBUG_DISPLAY evaluate to true. * * @since 0.71 * * @var bool */ public $show_errors = false; /** * Whether to suppress errors during the DB bootstrapping. Default false. * * @since 2.5.0 * * @var bool */ public $suppress_errors = false; /** * The error encountered during the last query. * * @since 2.5.0 * * @var string */ public $last_error = ''; /** * The number of queries made. * * @since 1.2.0 * * @var int */ public $num_queries = 0; /** * Count of rows returned by the last query. * * @since 0.71 * * @var int */ public $num_rows = 0; /** * Count of rows affected by the last query. * * @since 0.71 * * @var int */ public $rows_affected = 0; /** * The ID generated for an AUTO_INCREMENT column by the last query (usually INSERT). * * @since 0.71 * * @var int */ public $insert_id = 0; /** * The last query made. * * @since 0.71 * * @var string */ public $last_query; /** * Results of the last query. * * @since 0.71 * * @var stdClass[]|null */ public $last_result; /** * Database query result. * * Possible values: * * - For successful SELECT, SHOW, DESCRIBE, or EXPLAIN queries: * - `mysqli_result` instance when the `mysqli` driver is in use * - `resource` when the older `mysql` driver is in use * - `true` for other query types that were successful * - `null` if a query is yet to be made or if the result has since been flushed * - `false` if the query returned an error * * @since 0.71 * * @var mysqli_result|resource|bool|null */ protected $result; /** * Cached column info, for sanity checking data before inserting. * * @since 4.2.0 * * @var array */ protected $col_meta = array(); /** * Calculated character sets keyed by table name. * * @since 4.2.0 * * @var string[] */ protected $table_charset = array(); /** * Whether text fields in the current query need to be sanity checked. * * @since 4.2.0 * * @var bool */ protected $check_current_query = true; /** * Flag to ensure we don't run into recursion problems when checking the collation. * * @since 4.2.0 * * @see wpdb::check_safe_collation() * @var bool */ private $checking_collation = false; /** * Saved info on the table column. * * @since 0.71 * * @var array */ protected $col_info; /** * Log of queries that were executed, for debugging purposes. * * @since 1.5.0 * @since 2.5.0 The third element in each query log was added to record the calling functions. * @since 5.1.0 The fourth element in each query log was added to record the start time. * @since 5.3.0 The fifth element in each query log was added to record custom data. * * @var array[] { * Array of arrays containing information about queries that were executed. * * @type array ...$0 { * Data for each query. * * @type string $0 The query's SQL. * @type float $1 Total time spent on the query, in seconds. * @type string $2 Comma-separated list of the calling functions. * @type float $3 Unix timestamp of the time at the start of the query. * @type array $4 Custom query data. * } * } */ public $queries; /** * The number of times to retry reconnecting before dying. Default 5. * * @since 3.9.0 * * @see wpdb::check_connection() * @var int */ protected $reconnect_retries = 5; /** * WordPress table prefix. * * You can set this to have multiple WordPress installations in a single database. * The second reason is for possible security precautions. * * @since 2.5.0 * * @var string */ public $prefix = ''; /** * WordPress base table prefix. * * @since 3.0.0 * * @var string */ public $base_prefix; /** * Whether the database queries are ready to start executing. * * @since 2.3.2 * * @var bool */ public $ready = false; /** * Blog ID. * * @since 3.0.0 * * @var int */ public $blogid = 0; /** * Site ID. * * @since 3.0.0 * * @var int */ public $siteid = 0; /** * List of WordPress per-site tables. * * @since 2.5.0 * * @see wpdb::tables() * @var string[] */ public $tables = array( 'posts', 'comments', 'links', 'options', 'postmeta', 'terms', 'term_taxonomy', 'term_relationships', 'termmeta', 'commentmeta', ); /** * List of deprecated WordPress tables. * * 'categories', 'post2cat', and 'link2cat' were deprecated in 2.3.0, db version 5539. * * @since 2.9.0 * * @see wpdb::tables() * @var string[] */ public $old_tables = array( 'categories', 'post2cat', 'link2cat' ); /** * List of WordPress global tables. * * @since 3.0.0 * * @see wpdb::tables() * @var string[] */ public $global_tables = array( 'users', 'usermeta' ); /** * List of Multisite global tables. * * @since 3.0.0 * * @see wpdb::tables() * @var string[] */ public $ms_global_tables = array( 'blogs', 'blogmeta', 'signups', 'site', 'sitemeta', 'registration_log', ); /** * List of deprecated WordPress Multisite global tables. * * @since 6.1.0 * * @see wpdb::tables() * @var string[] */ public $old_ms_global_tables = array( 'sitecategories' ); /** * WordPress Comments table. * * @since 1.5.0 * * @var string */ public $comments; /** * WordPress Comment Metadata table. * * @since 2.9.0 * * @var string */ public $commentmeta; /** * WordPress Links table. * * @since 1.5.0 * * @var string */ public $links; /** * WordPress Options table. * * @since 1.5.0 * * @var string */ public $options; /** * WordPress Post Metadata table. * * @since 1.5.0 * * @var string */ public $postmeta; /** * WordPress Posts table. * * @since 1.5.0 * * @var string */ public $posts; /** * WordPress Terms table. * * @since 2.3.0 * * @var string */ public $terms; /** * WordPress Term Relationships table. * * @since 2.3.0 * * @var string */ public $term_relationships; /** * WordPress Term Taxonomy table. * * @since 2.3.0 * * @var string */ public $term_taxonomy; /** * WordPress Term Meta table. * * @since 4.4.0 * * @var string */ public $termmeta; // // Global and Multisite tables // /** * WordPress User Metadata table. * * @since 2.3.0 * * @var string */ public $usermeta; /** * WordPress Users table. * * @since 1.5.0 * * @var string */ public $users; /** * Multisite Blogs table. * * @since 3.0.0 * * @var string */ public $blogs; /** * Multisite Blog Metadata table. * * @since 5.1.0 * * @var string */ public $blogmeta; /** * Multisite Registration Log table. * * @since 3.0.0 * * @var string */ public $registration_log; /** * Multisite Signups table. * * @since 3.0.0 * * @var string */ public $signups; /** * Multisite Sites table. * * @since 3.0.0 * * @var string */ public $site; /** * Multisite Sitewide Terms table. * * @since 3.0.0 * * @var string */ public $sitecategories; /** * Multisite Site Metadata table. * * @since 3.0.0 * * @var string */ public $sitemeta; /** * Format specifiers for DB columns. * * Columns not listed here default to %s. Initialized during WP load. * Keys are column names, values are format types: 'ID' => '%d'. * * @since 2.8.0 * * @see wpdb::prepare() * @see wpdb::insert() * @see wpdb::update() * @see wpdb::delete() * @see wp_set_wpdb_vars() * @var array */ public $field_types = array(); /** * Database table columns charset. * * @since 2.2.0 * * @var string */ public $charset; /** * Database table columns collate. * * @since 2.2.0 * * @var string */ public $collate; /** * Database Username. * * @since 2.9.0 * * @var string */ protected $dbuser; /** * Database Password. * * @since 3.1.0 * * @var string */ protected $dbpassword; /** * Database Name. * * @since 3.1.0 * * @var string */ protected $dbname; /** * Database Host. * * @since 3.1.0 * * @var string */ protected $dbhost; /** * Database handle. * * Possible values: * * - `mysqli` instance when the `mysqli` driver is in use * - `resource` when the older `mysql` driver is in use * - `null` if the connection is yet to be made or has been closed * - `false` if the connection has failed * * @since 0.71 * * @var mysqli|resource|false|null */ protected $dbh; /** * A textual description of the last query/get_row/get_var call. * * @since 3.0.0 * * @var string */ public $func_call; /** * Whether MySQL is used as the database engine. * * Set in wpdb::db_connect() to true, by default. This is used when checking * against the required MySQL version for WordPress. Normally, a replacement * database drop-in (db.php) will skip these checks, but setting this to true * will force the checks to occur. * * @since 3.3.0 * * @var bool */ public $is_mysql = null; /** * A list of incompatible SQL modes. * * @since 3.9.0 * * @var string[] */ protected $incompatible_modes = array( 'NO_ZERO_DATE', 'ONLY_FULL_GROUP_BY', 'STRICT_TRANS_TABLES', 'STRICT_ALL_TABLES', 'TRADITIONAL', 'ANSI', ); /** * Backward compatibility, where wpdb::prepare() has not quoted formatted/argnum placeholders. * * This is often used for table/field names (before %i was supported), and sometimes string formatting, e.g. * * $wpdb->prepare( 'WHERE `%1$s` = "%2$s something %3$s" OR %1$s = "%4$-10s"', 'field_1', 'a', 'b', 'c' ); * * But it's risky, e.g. forgetting to add quotes, resulting in SQL Injection vulnerabilities: * * $wpdb->prepare( 'WHERE (id = %1s) OR (id = %2$s)', $_GET['id'], $_GET['id'] ); // ?id=id * * This feature is preserved while plugin authors update their code to use safer approaches: * * $_GET['key'] = 'a`b'; * * $wpdb->prepare( 'WHERE %1s = %s', $_GET['key'], $_GET['value'] ); // WHERE a`b = 'value' * $wpdb->prepare( 'WHERE `%1$s` = "%2$s"', $_GET['key'], $_GET['value'] ); // WHERE `a`b` = "value" * * $wpdb->prepare( 'WHERE %i = %s', $_GET['key'], $_GET['value'] ); // WHERE `a``b` = 'value' * * While changing to false will be fine for queries not using formatted/argnum placeholders, * any remaining cases are most likely going to result in SQL errors (good, in a way): * * $wpdb->prepare( 'WHERE %1$s = "%2$-10s"', 'my_field', 'my_value' ); * true = WHERE my_field = "my_value " * false = WHERE 'my_field' = "'my_value '" * * But there may be some queries that result in an SQL Injection vulnerability: * * $wpdb->prepare( 'WHERE id = %1$s', $_GET['id'] ); // ?id=id * * So there may need to be a `_doing_it_wrong()` phase, after we know everyone can use * identifier placeholders (%i), but before this feature is disabled or removed. * * @since 6.2.0 * @var bool */ private $allow_unsafe_unquoted_parameters = true; /** * Whether to use mysqli over mysql. Default false. * * @since 3.9.0 * * @var bool */ private $use_mysqli = false; /** * Whether we've managed to successfully connect at some point. * * @since 3.9.0 * * @var bool */ private $has_connected = false; /** * Time when the last query was performed. * * Only set when `SAVEQUERIES` is defined and truthy. * * @since 1.5.0 * * @var float */ public $time_start = null; /** * The last SQL error that was encountered. * * @since 2.5.0 * * @var WP_Error|string */ public $error = null; /** * Connects to the database server and selects a database. * * Does the actual setting up * of the class properties and connection to the database. * * @since 2.0.8 * * @link https://core.trac.wordpress.org/ticket/3354 * * @param string $dbuser Database user. * @param string $dbpassword Database password. * @param string $dbname Database name. * @param string $dbhost Database host. */ public function __construct( $dbuser, $dbpassword, $dbname, $dbhost ) { if ( WP_DEBUG && WP_DEBUG_DISPLAY ) { $this->show_errors(); } // Use the `mysqli` extension if it exists unless `WP_USE_EXT_MYSQL` is defined as true. if ( function_exists( 'mysqli_connect' ) ) { $this->use_mysqli = true; if ( defined( 'WP_USE_EXT_MYSQL' ) ) { $this->use_mysqli = ! WP_USE_EXT_MYSQL; } } $this->dbuser = $dbuser; $this->dbpassword = $dbpassword; $this->dbname = $dbname; $this->dbhost = $dbhost; // wp-config.php creation will manually connect when ready. if ( defined( 'WP_SETUP_CONFIG' ) ) { return; } $this->db_connect(); } /** * Makes private properties readable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to get, and optionally process. * @return mixed The private member. */ public function __get( $name ) { if ( 'col_info' === $name ) { $this->load_col_info(); } return $this->$name; } /** * Makes private properties settable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to set. * @param mixed $value The value to set. */ public function __set( $name, $value ) { $protected_members = array( 'col_meta', 'table_charset', 'check_current_query', 'allow_unsafe_unquoted_parameters', ); if ( in_array( $name, $protected_members, true ) ) { return; } $this->$name = $value; } /** * Makes private properties check-able for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to check. * @return bool If the member is set or not. */ public function __isset( $name ) { return isset( $this->$name ); } /** * Makes private properties un-settable for backward compatibility. * * @since 3.5.0 * * @param string $name The private member to unset */ public function __unset( $name ) { unset( $this->$name ); } /** * Sets $this->charset and $this->collate. * * @since 3.1.0 */ public function init_charset() { $charset = ''; $collate = ''; if ( function_exists( 'is_multisite' ) && is_multisite() ) { $charset = 'utf8'; if ( defined( 'DB_COLLATE' ) && DB_COLLATE ) { $collate = DB_COLLATE; } else { $collate = 'utf8_general_ci'; } } elseif ( defined( 'DB_COLLATE' ) ) { $collate = DB_COLLATE; } if ( defined( 'DB_CHARSET' ) ) { $charset = DB_CHARSET; } $charset_collate = $this->determine_charset( $charset, $collate ); $this->charset = $charset_collate['charset']; $this->collate = $charset_collate['collate']; } /** * Determines the best charset and collation to use given a charset and collation. * * For example, when able, utf8mb4 should be used instead of utf8. * * @since 4.6.0 * * @param string $charset The character set to check. * @param string $collate The collation to check. * @return array { * The most appropriate character set and collation to use. * * @type string $charset Character set. * @type string $collate Collation. * } */ public function determine_charset( $charset, $collate ) { if ( ( $this->use_mysqli && ! ( $this->dbh instanceof mysqli ) ) || empty( $this->dbh ) ) { return compact( 'charset', 'collate' ); } if ( 'utf8' === $charset && $this->has_cap( 'utf8mb4' ) ) { $charset = 'utf8mb4'; } if ( 'utf8mb4' === $charset && ! $this->has_cap( 'utf8mb4' ) ) { $charset = 'utf8'; $collate = str_replace( 'utf8mb4_', 'utf8_', $collate ); } if ( 'utf8mb4' === $charset ) { // _general_ is outdated, so we can upgrade it to _unicode_, instead. if ( ! $collate || 'utf8_general_ci' === $collate ) { $collate = 'utf8mb4_unicode_ci'; } else { $collate = str_replace( 'utf8_', 'utf8mb4_', $collate ); } } // _unicode_520_ is a better collation, we should use that when it's available. if ( $this->has_cap( 'utf8mb4_520' ) && 'utf8mb4_unicode_ci' === $collate ) { $collate = 'utf8mb4_unicode_520_ci'; } return compact( 'charset', 'collate' ); } /** * Sets the connection's character set. * * @since 3.1.0 * * @param mysqli|resource $dbh The connection returned by `mysqli_connect()` or `mysql_connect()`. * @param string $charset Optional. The character set. Default null. * @param string $collate Optional. The collation. Default null. */ public function set_charset( $dbh, $charset = null, $collate = null ) { if ( ! isset( $charset ) ) { $charset = $this->charset; } if ( ! isset( $collate ) ) { $collate = $this->collate; } if ( $this->has_cap( 'collation' ) && ! empty( $charset ) ) { $set_charset_succeeded = true; if ( $this->use_mysqli ) { if ( function_exists( 'mysqli_set_charset' ) && $this->has_cap( 'set_charset' ) ) { $set_charset_succeeded = mysqli_set_charset( $dbh, $charset ); } if ( $set_charset_succeeded ) { $query = $this->prepare( 'SET NAMES %s', $charset ); if ( ! empty( $collate ) ) { $query .= $this->prepare( ' COLLATE %s', $collate ); } mysqli_query( $dbh, $query ); } } else { if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset' ) ) { $set_charset_succeeded = mysql_set_charset( $charset, $dbh ); } if ( $set_charset_succeeded ) { $query = $this->prepare( 'SET NAMES %s', $charset ); if ( ! empty( $collate ) ) { $query .= $this->prepare( ' COLLATE %s', $collate ); } mysql_query( $query, $dbh ); } } } } /** * Changes the current SQL mode, and ensures its WordPress compatibility. * * If no modes are passed, it will ensure the current MySQL server modes are compatible. * * @since 3.9.0 * * @param array $modes Optional. A list of SQL modes to set. Default empty array. */ public function set_sql_mode( $modes = array() ) { if ( empty( $modes ) ) { if ( $this->use_mysqli ) { $res = mysqli_query( $this->dbh, 'SELECT @@SESSION.sql_mode' ); } else { $res = mysql_query( 'SELECT @@SESSION.sql_mode', $this->dbh ); } if ( empty( $res ) ) { return; } if ( $this->use_mysqli ) { $modes_array = mysqli_fetch_array( $res ); if ( empty( $modes_array[0] ) ) { return; } $modes_str = $modes_array[0]; } else { $modes_str = mysql_result( $res, 0 ); } if ( empty( $modes_str ) ) { return; } $modes = explode( ',', $modes_str ); } $modes = array_change_key_case( $modes, CASE_UPPER ); /** * Filters the list of incompatible SQL modes to exclude. * * @since 3.9.0 * * @param array $incompatible_modes An array of incompatible modes. */ $incompatible_modes = (array) apply_filters( 'incompatible_sql_modes', $this->incompatible_modes ); foreach ( $modes as $i => $mode ) { if ( in_array( $mode, $incompatible_modes, true ) ) { unset( $modes[ $i ] ); } } $modes_str = implode( ',', $modes ); if ( $this->use_mysqli ) { mysqli_query( $this->dbh, "SET SESSION sql_mode='$modes_str'" ); } else { mysql_query( "SET SESSION sql_mode='$modes_str'", $this->dbh ); } } /** * Sets the table prefix for the WordPress tables. * * @since 2.5.0 * * @param string $prefix Alphanumeric name for the new prefix. * @param bool $set_table_names Optional. Whether the table names, e.g. wpdb::$posts, * should be updated or not. Default true. * @return string|WP_Error Old prefix or WP_Error on error. */ public function set_prefix( $prefix, $set_table_names = true ) { if ( preg_match( '|[^a-z0-9_]|i', $prefix ) ) { return new WP_Error( 'invalid_db_prefix', 'Invalid database prefix' ); } $old_prefix = is_multisite() ? '' : $prefix; if ( isset( $this->base_prefix ) ) { $old_prefix = $this->base_prefix; } $this->base_prefix = $prefix; if ( $set_table_names ) { foreach ( $this->tables( 'global' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } if ( is_multisite() && empty( $this->blogid ) ) { return $old_prefix; } $this->prefix = $this->get_blog_prefix(); foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } } return $old_prefix; } /** * Sets blog ID. * * @since 3.0.0 * * @param int $blog_id * @param int $network_id Optional. Network ID. Default 0. * @return int Previous blog ID. */ public function set_blog_id( $blog_id, $network_id = 0 ) { if ( ! empty( $network_id ) ) { $this->siteid = $network_id; } $old_blog_id = $this->blogid; $this->blogid = $blog_id; $this->prefix = $this->get_blog_prefix(); foreach ( $this->tables( 'blog' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } foreach ( $this->tables( 'old' ) as $table => $prefixed_table ) { $this->$table = $prefixed_table; } return $old_blog_id; } /** * Gets blog prefix. * * @since 3.0.0 * * @param int $blog_id Optional. Blog ID to retrieve the table prefix for. * Defaults to the current blog ID. * @return string Blog prefix. */ public function get_blog_prefix( $blog_id = null ) { if ( is_multisite() ) { if ( null === $blog_id ) { $blog_id = $this->blogid; } $blog_id = (int) $blog_id; if ( defined( 'MULTISITE' ) && ( 0 === $blog_id || 1 === $blog_id ) ) { return $this->base_prefix; } else { return $this->base_prefix . $blog_id . '_'; } } else { return $this->base_prefix; } } /** * Returns an array of WordPress tables. * * Also allows for the `CUSTOM_USER_TABLE` and `CUSTOM_USER_META_TABLE` to override the WordPress users * and usermeta tables that would otherwise be determined by the prefix. * * The `$scope` argument can take one of the following: * * - 'all' - returns 'all' and 'global' tables. No old tables are returned. * - 'blog' - returns the blog-level tables for the queried blog. * - 'global' - returns the global tables for the installation, returning multisite tables only on multisite. * - 'ms_global' - returns the multisite global tables, regardless if current installation is multisite. * - 'old' - returns tables which are deprecated. * * @since 3.0.0 * @since 6.1.0 `old` now includes deprecated multisite global tables only on multisite. * * @uses wpdb::$tables * @uses wpdb::$old_tables * @uses wpdb::$global_tables * @uses wpdb::$ms_global_tables * @uses wpdb::$old_ms_global_tables * * @param string $scope Optional. Possible values include 'all', 'global', 'ms_global', 'blog', * or 'old' tables. Default 'all'. * @param bool $prefix Optional. Whether to include table prefixes. If blog prefix is requested, * then the custom users and usermeta tables will be mapped. Default true. * @param int $blog_id Optional. The blog_id to prefix. Used only when prefix is requested. * Defaults to `wpdb::$blogid`. * @return string[] Table names. When a prefix is requested, the key is the unprefixed table name. */ public function tables( $scope = 'all', $prefix = true, $blog_id = 0 ) { switch ( $scope ) { case 'all': $tables = array_merge( $this->global_tables, $this->tables ); if ( is_multisite() ) { $tables = array_merge( $tables, $this->ms_global_tables ); } break; case 'blog': $tables = $this->tables; break; case 'global': $tables = $this->global_tables; if ( is_multisite() ) { $tables = array_merge( $tables, $this->ms_global_tables ); } break; case 'ms_global': $tables = $this->ms_global_tables; break; case 'old': $tables = $this->old_tables; if ( is_multisite() ) { $tables = array_merge( $tables, $this->old_ms_global_tables ); } break; default: return array(); } if ( $prefix ) { if ( ! $blog_id ) { $blog_id = $this->blogid; } $blog_prefix = $this->get_blog_prefix( $blog_id ); $base_prefix = $this->base_prefix; $global_tables = array_merge( $this->global_tables, $this->ms_global_tables ); foreach ( $tables as $k => $table ) { if ( in_array( $table, $global_tables, true ) ) { $tables[ $table ] = $base_prefix . $table; } else { $tables[ $table ] = $blog_prefix . $table; } unset( $tables[ $k ] ); } if ( isset( $tables['users'] ) && defined( 'CUSTOM_USER_TABLE' ) ) { $tables['users'] = CUSTOM_USER_TABLE; } if ( isset( $tables['usermeta'] ) && defined( 'CUSTOM_USER_META_TABLE' ) ) { $tables['usermeta'] = CUSTOM_USER_META_TABLE; } } return $tables; } /** * Selects a database using the current or provided database connection. * * The database name will be changed based on the current database connection. * On failure, the execution will bail and display a DB error. * * @since 0.71 * * @param string $db Database name. * @param mysqli|resource $dbh Optional. Database connection. * Defaults to the current database handle. */ public function select( $db, $dbh = null ) { if ( is_null( $dbh ) ) { $dbh = $this->dbh; } if ( $this->use_mysqli ) { $success = mysqli_select_db( $dbh, $db ); } else { $success = mysql_select_db( $db, $dbh ); } if ( ! $success ) { $this->ready = false; if ( ! did_action( 'template_redirect' ) ) { wp_load_translations_early(); $message = '<h1>' . __( 'Cannot select database' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: %s: Database name. */ __( 'The database server could be connected to (which means your username and password is okay) but the %s database could not be selected.' ), '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure it exists?' ) . "</li>\n"; $message .= '<li>' . sprintf( /* translators: 1: Database user, 2: Database name. */ __( 'Does the user %1$s have permission to use the %2$s database?' ), '<code>' . htmlspecialchars( $this->dbuser, ENT_QUOTES ) . '</code>', '<code>' . htmlspecialchars( $db, ENT_QUOTES ) . '</code>' ) . "</li>\n"; $message .= '<li>' . sprintf( /* translators: %s: Database name. */ __( 'On some systems the name of your database is prefixed with your username, so it would be like <code>username_%1$s</code>. Could that be the problem?' ), htmlspecialchars( $db, ENT_QUOTES ) ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you do not know how to set up a database you should <strong>contact your host</strong>. If all else fails you may find help at the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; $this->bail( $message, 'db_select_fail' ); } } } /** * Do not use, deprecated. * * Use esc_sql() or wpdb::prepare() instead. * * @since 2.8.0 * @deprecated 3.6.0 Use wpdb::prepare() * @see wpdb::prepare() * @see esc_sql() * * @param string $data * @return string */ public function _weak_escape( $data ) { if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) { _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' ); } return addslashes( $data ); } /** * Real escape, using mysqli_real_escape_string() or mysql_real_escape_string(). * * @since 2.8.0 * * @see mysqli_real_escape_string() * @see mysql_real_escape_string() * * @param string $data String to escape. * @return string Escaped string. */ public function _real_escape( $data ) { if ( ! is_scalar( $data ) ) { return ''; } if ( $this->dbh ) { if ( $this->use_mysqli ) { $escaped = mysqli_real_escape_string( $this->dbh, $data ); } else { $escaped = mysql_real_escape_string( $data, $this->dbh ); } } else { $class = get_class( $this ); wp_load_translations_early(); /* translators: %s: Database access abstraction class, usually wpdb or a class extending wpdb. */ _doing_it_wrong( $class, sprintf( __( '%s must set a database connection for use with escaping.' ), $class ), '3.6.0' ); $escaped = addslashes( $data ); } return $this->add_placeholder_escape( $escaped ); } /** * Escapes data. Works on arrays. * * @since 2.8.0 * * @uses wpdb::_real_escape() * * @param string|array $data Data to escape. * @return string|array Escaped data, in the same type as supplied. */ public function _escape( $data ) { if ( is_array( $data ) ) { foreach ( $data as $k => $v ) { if ( is_array( $v ) ) { $data[ $k ] = $this->_escape( $v ); } else { $data[ $k ] = $this->_real_escape( $v ); } } } else { $data = $this->_real_escape( $data ); } return $data; } /** * Do not use, deprecated. * * Use esc_sql() or wpdb::prepare() instead. * * @since 0.71 * @deprecated 3.6.0 Use wpdb::prepare() * @see wpdb::prepare() * @see esc_sql() * * @param string|array $data Data to escape. * @return string|array Escaped data, in the same type as supplied. */ public function escape( $data ) { if ( func_num_args() === 1 && function_exists( '_deprecated_function' ) ) { _deprecated_function( __METHOD__, '3.6.0', 'wpdb::prepare() or esc_sql()' ); } if ( is_array( $data ) ) { foreach ( $data as $k => $v ) { if ( is_array( $v ) ) { $data[ $k ] = $this->escape( $v, 'recursive' ); } else { $data[ $k ] = $this->_weak_escape( $v, 'internal' ); } } } else { $data = $this->_weak_escape( $data, 'internal' ); } return $data; } /** * Escapes content by reference for insertion into the database, for security. * * @uses wpdb::_real_escape() * * @since 2.3.0 * * @param string $data String to escape. */ public function escape_by_ref( &$data ) { if ( ! is_float( $data ) ) { $data = $this->_real_escape( $data ); } } /** * Quotes an identifier for a MySQL database, e.g. table/field names. * * @since 6.2.0 * * @param string $identifier Identifier to escape. * @return string Escaped identifier. */ public function quote_identifier( $identifier ) { return '`' . $this->_escape_identifier_value( $identifier ) . '`'; } /** * Escapes an identifier value without adding the surrounding quotes. * * - Permitted characters in quoted identifiers include the full Unicode * Basic Multilingual Plane (BMP), except U+0000. * - To quote the identifier itself, you need to double the character, e.g. `a``b`. * * @since 6.2.0 * * @link https://dev.mysql.com/doc/refman/8.0/en/identifiers.html * * @param string $identifier Identifier to escape. * @return string Escaped identifier. */ private function _escape_identifier_value( $identifier ) { return str_replace( '`', '``', $identifier ); } /** * Prepares a SQL query for safe execution. * * Uses sprintf()-like syntax. The following placeholders can be used in the query string: * * - %d (integer) * - %f (float) * - %s (string) * - %i (identifier, e.g. table/field names) * * All placeholders MUST be left unquoted in the query string. A corresponding argument * MUST be passed for each placeholder. * * Note: There is one exception to the above: for compatibility with old behavior, * numbered or formatted string placeholders (eg, `%1$s`, `%5s`) will not have quotes * added by this function, so should be passed with appropriate quotes around them. * * Literal percentage signs (`%`) in the query string must be written as `%%`. Percentage wildcards * (for example, to use in LIKE syntax) must be passed via a substitution argument containing * the complete LIKE string, these cannot be inserted directly in the query string. * Also see wpdb::esc_like(). * * Arguments may be passed as individual arguments to the method, or as a single array * containing all arguments. A combination of the two is not supported. * * Examples: * * $wpdb->prepare( * "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d OR `other_field` LIKE %s", * array( 'foo', 1337, '%bar' ) * ); * * $wpdb->prepare( * "SELECT DATE_FORMAT(`field`, '%%c') FROM `table` WHERE `column` = %s", * 'foo' * ); * * @since 2.3.0 * @since 5.3.0 Formalized the existing and already documented `...$args` parameter * by updating the function signature. The second parameter was changed * from `$args` to `...$args`. * @since 6.2.0 Added `%i` for identifiers, e.g. table or field names. * Check support via `wpdb::has_cap( 'identifier_placeholders' )`. * This preserves compatibility with sprintf(), as the C version uses * `%d` and `$i` as a signed integer, whereas PHP only supports `%d`. * * @link https://www.php.net/sprintf Description of syntax. * * @param string $query Query statement with sprintf()-like placeholders. * @param array|mixed $args The array of variables to substitute into the query's placeholders * if being called with an array of arguments, or the first variable * to substitute into the query's placeholders if being called with * individual arguments. * @param mixed ...$args Further variables to substitute into the query's placeholders * if being called with individual arguments. * @return string|void Sanitized query string, if there is a query to prepare. */ public function prepare( $query, ...$args ) { if ( is_null( $query ) ) { return; } // This is not meant to be foolproof -- but it will catch obviously incorrect usage. if ( strpos( $query, '%' ) === false ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: wpdb::prepare() */ __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9.0' ); } /* * Specify the formatting allowed in a placeholder. The following are allowed: * * - Sign specifier, e.g. $+d * - Numbered placeholders, e.g. %1$s * - Padding specifier, including custom padding characters, e.g. %05s, %'#5s * - Alignment specifier, e.g. %05-s * - Precision specifier, e.g. %.2f */ $allowed_format = '(?:[1-9][0-9]*[$])?[-+0-9]*(?: |0|\'.)?[-+0-9]*(?:\.[0-9]+)?'; /* * If a %s placeholder already has quotes around it, removing the existing quotes * and re-inserting them ensures the quotes are consistent. * * For backward compatibility, this is only applied to %s, and not to placeholders like %1$s, * which are frequently used in the middle of longer strings, or as table name placeholders. */ $query = str_replace( "'%s'", '%s', $query ); // Strip any existing single quotes. $query = str_replace( '"%s"', '%s', $query ); // Strip any existing double quotes. // Escape any unescaped percents (i.e. anything unrecognised). $query = preg_replace( "/%(?:%|$|(?!($allowed_format)?[sdfFi]))/", '%%\\1', $query ); // Extract placeholders from the query. $split_query = preg_split( "/(^|[^%]|(?:%%)+)(%(?:$allowed_format)?[sdfFi])/", $query, -1, PREG_SPLIT_DELIM_CAPTURE ); $split_query_count = count( $split_query ); /* * Split always returns with 1 value before the first placeholder (even with $query = "%s"), * then 3 additional values per placeholder. */ $placeholder_count = ( ( $split_query_count - 1 ) / 3 ); // If args were passed as an array, as in vsprintf(), move them up. $passed_as_array = ( isset( $args[0] ) && is_array( $args[0] ) && 1 === count( $args ) ); if ( $passed_as_array ) { $args = $args[0]; } $new_query = ''; $key = 2; // Keys 0 and 1 in $split_query contain values before the first placeholder. $arg_id = 0; $arg_identifiers = array(); $arg_strings = array(); while ( $key < $split_query_count ) { $placeholder = $split_query[ $key ]; $format = substr( $placeholder, 1, -1 ); $type = substr( $placeholder, -1 ); if ( 'f' === $type && true === $this->allow_unsafe_unquoted_parameters && '%' === substr( $split_query[ $key - 1 ], -1, 1 ) ) { /* * Before WP 6.2 the "force floats to be locale-unaware" RegEx didn't * convert "%%%f" to "%%%F" (note the uppercase F). * This was because it didn't check to see if the leading "%" was escaped. * And because the "Escape any unescaped percents" RegEx used "[sdF]" in its * negative lookahead assertion, when there was an odd number of "%", it added * an extra "%", to give the fully escaped "%%%%f" (not a placeholder). */ $s = $split_query[ $key - 2 ] . $split_query[ $key - 1 ]; $k = 1; $l = strlen( $s ); while ( $k <= $l && '%' === $s[ $l - $k ] ) { $k++; } $placeholder = '%' . ( $k % 2 ? '%' : '' ) . $format . $type; --$placeholder_count; } else { // Force floats to be locale-unaware. if ( 'f' === $type ) { $type = 'F'; $placeholder = '%' . $format . $type; } if ( 'i' === $type ) { $placeholder = '`%' . $format . 's`'; // Using a simple strpos() due to previous checking (e.g. $allowed_format). $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { // sprintf() argnum starts at 1, $arg_id from 0. $arg_identifiers[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_identifiers[] = $arg_id; } } elseif ( 'd' !== $type && 'F' !== $type ) { /* * i.e. ( 's' === $type ), where 'd' and 'F' keeps $placeholder unchanged, * and we ensure string escaping is used as a safe default (e.g. even if 'x'). */ $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { $arg_strings[] = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_strings[] = $arg_id; } /* * Unquoted strings for backward compatibility (dangerous). * First, "numbered or formatted string placeholders (eg, %1$s, %5s)". * Second, if "%s" has a "%" before it, even if it's unrelated (e.g. "LIKE '%%%s%%'"). */ if ( true !== $this->allow_unsafe_unquoted_parameters || ( '' === $format && '%' !== substr( $split_query[ $key - 1 ], -1, 1 ) ) ) { $placeholder = "'%" . $format . "s'"; } } } // Glue (-2), any leading characters (-1), then the new $placeholder. $new_query .= $split_query[ $key - 2 ] . $split_query[ $key - 1 ] . $placeholder; $key += 3; $arg_id++; } // Replace $query; and add remaining $query characters, or index 0 if there were no placeholders. $query = $new_query . $split_query[ $key - 2 ]; $dual_use = array_intersect( $arg_identifiers, $arg_strings ); if ( count( $dual_use ) > 0 ) { wp_load_translations_early(); $used_placeholders = array(); $key = 2; $arg_id = 0; // Parse again (only used when there is an error). while ( $key < $split_query_count ) { $placeholder = $split_query[ $key ]; $format = substr( $placeholder, 1, -1 ); $argnum_pos = strpos( $format, '$' ); if ( false !== $argnum_pos ) { $arg_pos = ( ( (int) substr( $format, 0, $argnum_pos ) ) - 1 ); } else { $arg_pos = $arg_id; } $used_placeholders[ $arg_pos ][] = $placeholder; $key += 3; $arg_id++; } $conflicts = array(); foreach ( $dual_use as $arg_pos ) { $conflicts[] = implode( ' and ', $used_placeholders[ $arg_pos ] ); } _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: A list of placeholders found to be a problem. */ __( 'Arguments cannot be prepared as both an Identifier and Value. Found the following conflicts: %s' ), implode( ', ', $conflicts ) ), '6.2.0' ); return; } $args_count = count( $args ); if ( $args_count !== $placeholder_count ) { if ( 1 === $placeholder_count && $passed_as_array ) { /* * If the passed query only expected one argument, * but the wrong number of arguments was sent as an array, bail. */ wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', __( 'The query only expected one placeholder, but an array of multiple placeholders was sent.' ), '4.9.0' ); return; } else { /* * If we don't have the right number of placeholders, * but they were passed as individual arguments, * or we were expecting multiple arguments in an array, throw a warning. */ wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: 1: Number of placeholders, 2: Number of arguments passed. */ __( 'The query does not contain the correct number of placeholders (%1$d) for the number of arguments passed (%2$d).' ), $placeholder_count, $args_count ), '4.8.3' ); /* * If we don't have enough arguments to match the placeholders, * return an empty string to avoid a fatal error on PHP 8. */ if ( $args_count < $placeholder_count ) { $max_numbered_placeholder = 0; for ( $i = 2, $l = $split_query_count; $i < $l; $i += 3 ) { // Assume a leading number is for a numbered placeholder, e.g. '%3$s'. $argnum = (int) substr( $split_query[ $i ], 1 ); if ( $max_numbered_placeholder < $argnum ) { $max_numbered_placeholder = $argnum; } } if ( ! $max_numbered_placeholder || $args_count < $max_numbered_placeholder ) { return ''; } } } } $args_escaped = array(); foreach ( $args as $i => $value ) { if ( in_array( $i, $arg_identifiers, true ) ) { $args_escaped[] = $this->_escape_identifier_value( $value ); } elseif ( is_int( $value ) || is_float( $value ) ) { $args_escaped[] = $value; } else { if ( ! is_scalar( $value ) && ! is_null( $value ) ) { wp_load_translations_early(); _doing_it_wrong( 'wpdb::prepare', sprintf( /* translators: %s: Value type. */ __( 'Unsupported value type (%s).' ), gettype( $value ) ), '4.8.2' ); // Preserving old behavior, where values are escaped as strings. $value = ''; } $args_escaped[] = $this->_real_escape( $value ); } } $query = vsprintf( $query, $args_escaped ); return $this->add_placeholder_escape( $query ); } /** * First half of escaping for `LIKE` special characters `%` and `_` before preparing for SQL. * * Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security. * * Example Prepared Statement: * * $wild = '%'; * $find = 'only 43% of planets'; * $like = $wild . $wpdb->esc_like( $find ) . $wild; * $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like ); * * Example Escape Chain: * * $sql = esc_sql( $wpdb->esc_like( $input ) ); * * @since 4.0.0 * * @param string $text The raw text to be escaped. The input typed by the user * should have no extra or deleted slashes. * @return string Text in the form of a LIKE phrase. The output is not SQL safe. * Call wpdb::prepare() or wpdb::_real_escape() next. */ public function esc_like( $text ) { return addcslashes( $text, '_%\\' ); } /** * Prints SQL/DB error. * * @since 0.71 * * @global array $EZSQL_ERROR Stores error information of query and error string. * * @param string $str The error to display. * @return void|false Void if the showing of errors is enabled, false if disabled. */ public function print_error( $str = '' ) { global $EZSQL_ERROR; if ( ! $str ) { if ( $this->use_mysqli ) { $str = mysqli_error( $this->dbh ); } else { $str = mysql_error( $this->dbh ); } } $EZSQL_ERROR[] = array( 'query' => $this->last_query, 'error_str' => $str, ); if ( $this->suppress_errors ) { return false; } $caller = $this->get_caller(); if ( $caller ) { // Not translated, as this will only appear in the error log. $error_str = sprintf( 'WordPress database error %1$s for query %2$s made by %3$s', $str, $this->last_query, $caller ); } else { $error_str = sprintf( 'WordPress database error %1$s for query %2$s', $str, $this->last_query ); } error_log( $error_str ); // Are we showing errors? if ( ! $this->show_errors ) { return false; } wp_load_translations_early(); // If there is an error then take note of it. if ( is_multisite() ) { $msg = sprintf( "%s [%s]\n%s\n", __( 'WordPress database error:' ), $str, $this->last_query ); if ( defined( 'ERRORLOGFILE' ) ) { error_log( $msg, 3, ERRORLOGFILE ); } if ( defined( 'DIEONDBERROR' ) ) { wp_die( $msg ); } } else { $str = htmlspecialchars( $str, ENT_QUOTES ); $query = htmlspecialchars( $this->last_query, ENT_QUOTES ); printf( '<div id="error"><p class="wpdberror"><strong>%s</strong> [%s]<br /><code>%s</code></p></div>', __( 'WordPress database error:' ), $str, $query ); } } /** * Enables showing of database errors. * * This function should be used only to enable showing of errors. * wpdb::hide_errors() should be used instead for hiding errors. * * @since 0.71 * * @see wpdb::hide_errors() * * @param bool $show Optional. Whether to show errors. Default true. * @return bool Whether showing of errors was previously active. */ public function show_errors( $show = true ) { $errors = $this->show_errors; $this->show_errors = $show; return $errors; } /** * Disables showing of database errors. * * By default database errors are not shown. * * @since 0.71 * * @see wpdb::show_errors() * * @return bool Whether showing of errors was previously active. */ public function hide_errors() { $show = $this->show_errors; $this->show_errors = false; return $show; } /** * Enables or disables suppressing of database errors. * * By default database errors are suppressed. * * @since 2.5.0 * * @see wpdb::hide_errors() * * @param bool $suppress Optional. Whether to suppress errors. Default true. * @return bool Whether suppressing of errors was previously active. */ public function suppress_errors( $suppress = true ) { $errors = $this->suppress_errors; $this->suppress_errors = (bool) $suppress; return $errors; } /** * Kills cached query results. * * @since 0.71 */ public function flush() { $this->last_result = array(); $this->col_info = null; $this->last_query = null; $this->rows_affected = 0; $this->num_rows = 0; $this->last_error = ''; if ( $this->use_mysqli && $this->result instanceof mysqli_result ) { mysqli_free_result( $this->result ); $this->result = null; // Sanity check before using the handle. if ( empty( $this->dbh ) || ! ( $this->dbh instanceof mysqli ) ) { return; } // Clear out any results from a multi-query. while ( mysqli_more_results( $this->dbh ) ) { mysqli_next_result( $this->dbh ); } } elseif ( is_resource( $this->result ) ) { mysql_free_result( $this->result ); } } /** * Connects to and selects database. * * If `$allow_bail` is false, the lack of database connection will need to be handled manually. * * @since 3.0.0 * @since 3.9.0 $allow_bail parameter added. * * @param bool $allow_bail Optional. Allows the function to bail. Default true. * @return bool True with a successful connection, false on failure. */ public function db_connect( $allow_bail = true ) { $this->is_mysql = true; /* * Deprecated in 3.9+ when using MySQLi. No equivalent * $new_link parameter exists for mysqli_* functions. */ $new_link = defined( 'MYSQL_NEW_LINK' ) ? MYSQL_NEW_LINK : true; $client_flags = defined( 'MYSQL_CLIENT_FLAGS' ) ? MYSQL_CLIENT_FLAGS : 0; if ( $this->use_mysqli ) { /* * Set the MySQLi error reporting off because WordPress handles its own. * This is due to the default value change from `MYSQLI_REPORT_OFF` * to `MYSQLI_REPORT_ERROR|MYSQLI_REPORT_STRICT` in PHP 8.1. */ mysqli_report( MYSQLI_REPORT_OFF ); $this->dbh = mysqli_init(); $host = $this->dbhost; $port = null; $socket = null; $is_ipv6 = false; $host_data = $this->parse_db_host( $this->dbhost ); if ( $host_data ) { list( $host, $port, $socket, $is_ipv6 ) = $host_data; } /* * If using the `mysqlnd` library, the IPv6 address needs to be enclosed * in square brackets, whereas it doesn't while using the `libmysqlclient` library. * @see https://bugs.php.net/bug.php?id=67563 */ if ( $is_ipv6 && extension_loaded( 'mysqlnd' ) ) { $host = "[$host]"; } if ( WP_DEBUG ) { mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags ); } else { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged @mysqli_real_connect( $this->dbh, $host, $this->dbuser, $this->dbpassword, null, $port, $socket, $client_flags ); } if ( $this->dbh->connect_errno ) { $this->dbh = null; /* * It's possible ext/mysqli is misconfigured. Fall back to ext/mysql if: * - We haven't previously connected, and * - WP_USE_EXT_MYSQL isn't set to false, and * - ext/mysql is loaded. */ $attempt_fallback = true; if ( $this->has_connected ) { $attempt_fallback = false; } elseif ( defined( 'WP_USE_EXT_MYSQL' ) && ! WP_USE_EXT_MYSQL ) { $attempt_fallback = false; } elseif ( ! function_exists( 'mysql_connect' ) ) { $attempt_fallback = false; } if ( $attempt_fallback ) { $this->use_mysqli = false; return $this->db_connect( $allow_bail ); } } } else { if ( WP_DEBUG ) { $this->dbh = mysql_connect( $this->dbhost, $this->dbuser, $this->dbpassword, $new_link, $client_flags ); } else { // phpcs:ignore WordPress.PHP.NoSilencedErrors.Discouraged $this->dbh = @mysql_connect( $this->dbhost, $this->dbuser, $this->dbpassword, $new_link, $client_flags ); } } if ( ! $this->dbh && $allow_bail ) { wp_load_translations_early(); // Load custom DB error template, if present. if ( file_exists( WP_CONTENT_DIR . '/db-error.php' ) ) { require_once WP_CONTENT_DIR . '/db-error.php'; die(); } $message = '<h1>' . __( 'Error establishing a database connection' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: 1: wp-config.php, 2: Database host. */ __( 'This either means that the username and password information in your %1$s file is incorrect or that contact with the database server at %2$s could not be established. This could mean your host’s database server is down.' ), '<code>wp-config.php</code>', '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure you have the correct username and password?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure you have typed the correct hostname?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; $this->bail( $message, 'db_connect_fail' ); return false; } elseif ( $this->dbh ) { if ( ! $this->has_connected ) { $this->init_charset(); } $this->has_connected = true; $this->set_charset( $this->dbh ); $this->ready = true; $this->set_sql_mode(); $this->select( $this->dbname, $this->dbh ); return true; } return false; } /** * Parses the DB_HOST setting to interpret it for mysqli_real_connect(). * * mysqli_real_connect() doesn't support the host param including a port or socket * like mysql_connect() does. This duplicates how mysql_connect() detects a port * and/or socket file. * * @since 4.9.0 * * @param string $host The DB_HOST setting to parse. * @return array|false { * Array containing the host, the port, the socket and * whether it is an IPv6 address, in that order. * False if the host couldn't be parsed. * * @type string $0 Host name. * @type string|null $1 Port. * @type string|null $2 Socket. * @type bool $3 Whether it is an IPv6 address. * } */ public function parse_db_host( $host ) { $socket = null; $is_ipv6 = false; // First peel off the socket parameter from the right, if it exists. $socket_pos = strpos( $host, ':/' ); if ( false !== $socket_pos ) { $socket = substr( $host, $socket_pos + 1 ); $host = substr( $host, 0, $socket_pos ); } // We need to check for an IPv6 address first. // An IPv6 address will always contain at least two colons. if ( substr_count( $host, ':' ) > 1 ) { $pattern = '#^(?:\[)?(?P<host>[0-9a-fA-F:]+)(?:\]:(?P<port>[\d]+))?#'; $is_ipv6 = true; } else { // We seem to be dealing with an IPv4 address. $pattern = '#^(?P<host>[^:/]*)(?::(?P<port>[\d]+))?#'; } $matches = array(); $result = preg_match( $pattern, $host, $matches ); if ( 1 !== $result ) { // Couldn't parse the address, bail. return false; } $host = ! empty( $matches['host'] ) ? $matches['host'] : ''; // MySQLi port cannot be a string; must be null or an integer. $port = ! empty( $matches['port'] ) ? absint( $matches['port'] ) : null; return array( $host, $port, $socket, $is_ipv6 ); } /** * Checks that the connection to the database is still up. If not, try to reconnect. * * If this function is unable to reconnect, it will forcibly die, or if called * after the {@see 'template_redirect'} hook has been fired, return false instead. * * If `$allow_bail` is false, the lack of database connection will need to be handled manually. * * @since 3.9.0 * * @param bool $allow_bail Optional. Allows the function to bail. Default true. * @return bool|void True if the connection is up. */ public function check_connection( $allow_bail = true ) { if ( $this->use_mysqli ) { if ( ! empty( $this->dbh ) && mysqli_ping( $this->dbh ) ) { return true; } } else { if ( ! empty( $this->dbh ) && mysql_ping( $this->dbh ) ) { return true; } } $error_reporting = false; // Disable warnings, as we don't want to see a multitude of "unable to connect" messages. if ( WP_DEBUG ) { $error_reporting = error_reporting(); error_reporting( $error_reporting & ~E_WARNING ); } for ( $tries = 1; $tries <= $this->reconnect_retries; $tries++ ) { // On the last try, re-enable warnings. We want to see a single instance // of the "unable to connect" message on the bail() screen, if it appears. if ( $this->reconnect_retries === $tries && WP_DEBUG ) { error_reporting( $error_reporting ); } if ( $this->db_connect( false ) ) { if ( $error_reporting ) { error_reporting( $error_reporting ); } return true; } sleep( 1 ); } // If template_redirect has already happened, it's too late for wp_die()/dead_db(). // Let's just return and hope for the best. if ( did_action( 'template_redirect' ) ) { return false; } if ( ! $allow_bail ) { return false; } wp_load_translations_early(); $message = '<h1>' . __( 'Error reconnecting to the database' ) . "</h1>\n"; $message .= '<p>' . sprintf( /* translators: %s: Database host. */ __( 'This means that the contact with the database server at %s was lost. This could mean your host’s database server is down.' ), '<code>' . htmlspecialchars( $this->dbhost, ENT_QUOTES ) . '</code>' ) . "</p>\n"; $message .= "<ul>\n"; $message .= '<li>' . __( 'Are you sure the database server is running?' ) . "</li>\n"; $message .= '<li>' . __( 'Are you sure the database server is not under particularly heavy load?' ) . "</li>\n"; $message .= "</ul>\n"; $message .= '<p>' . sprintf( /* translators: %s: Support forums URL. */ __( 'If you are unsure what these terms mean you should probably contact your host. If you still need help you can always visit the <a href="%s">WordPress support forums</a>.' ), __( 'https://wordpress.org/support/forums/' ) ) . "</p>\n"; // We weren't able to reconnect, so we better bail. $this->bail( $message, 'db_connect_fail' ); // Call dead_db() if bail didn't die, because this database is no more. // It has ceased to be (at least temporarily). dead_db(); } /** * Performs a database query, using current database connection. * * More information can be found on the documentation page. * * @since 0.71 * * @link https://developer.wordpress.org/reference/classes/wpdb/ * * @param string $query Database query. * @return int|bool Boolean true for CREATE, ALTER, TRUNCATE and DROP queries. Number of rows * affected/selected for all other queries. Boolean false on error. */ public function query( $query ) { if ( ! $this->ready ) { $this->check_current_query = true; return false; } /** * Filters the database query. * * Some queries are made before the plugins have been loaded, * and thus cannot be filtered with this method. * * @since 2.1.0 * * @param string $query Database query. */ $query = apply_filters( 'query', $query ); if ( ! $query ) { $this->insert_id = 0; return false; } $this->flush(); // Log how the function was called. $this->func_call = "\$db->query(\"$query\")"; // If we're writing to the database, make sure the query will write safely. if ( $this->check_current_query && ! $this->check_ascii( $query ) ) { $stripped_query = $this->strip_invalid_text_from_query( $query ); // strip_invalid_text_from_query() can perform queries, so we need // to flush again, just to make sure everything is clear. $this->flush(); if ( $stripped_query !== $query ) { $this->insert_id = 0; $this->last_query = $query; wp_load_translations_early(); $this->last_error = __( 'WordPress database error: Could not perform query because it contains invalid data.' ); return false; } } $this->check_current_query = true; // Keep track of the last query for debug. $this->last_query = $query; $this->_do_query( $query ); // Database server has gone away, try to reconnect. $mysql_errno = 0; if ( ! empty( $this->dbh ) ) { if ( $this->use_mysqli ) { if ( $this->dbh instanceof mysqli ) { $mysql_errno = mysqli_errno( $this->dbh ); } else { // $dbh is defined, but isn't a real connection. // Something has gone horribly wrong, let's try a reconnect. $mysql_errno = 2006; } } else { if ( is_resource( $this->dbh ) ) { $mysql_errno = mysql_errno( $this->dbh ); } else { $mysql_errno = 2006; } } } if ( empty( $this->dbh ) || 2006 === $mysql_errno ) { if ( $this->check_connection() ) { $this->_do_query( $query ); } else { $this->insert_id = 0; return false; } } // If there is an error then take note of it. if ( $this->use_mysqli ) { if ( $this->dbh instanceof mysqli ) { $this->last_error = mysqli_error( $this->dbh ); } else { $this->last_error = __( 'Unable to retrieve the error message from MySQL' ); } } else { if ( is_resource( $this->dbh ) ) { $this->last_error = mysql_error( $this->dbh ); } else { $this->last_error = __( 'Unable to retrieve the error message from MySQL' ); } } if ( $this->last_error ) { // Clear insert_id on a subsequent failed insert. if ( $this->insert_id && preg_match( '/^\s*(insert|replace)\s/i', $query ) ) { $this->insert_id = 0; } $this->print_error(); return false; } if ( preg_match( '/^\s*(create|alter|truncate|drop)\s/i', $query ) ) { $return_val = $this->result; } elseif ( preg_match( '/^\s*(insert|delete|update|replace)\s/i', $query ) ) { if ( $this->use_mysqli ) { $this->rows_affected = mysqli_affected_rows( $this->dbh ); } else { $this->rows_affected = mysql_affected_rows( $this->dbh ); } // Take note of the insert_id. if ( preg_match( '/^\s*(insert|replace)\s/i', $query ) ) { if ( $this->use_mysqli ) { $this->insert_id = mysqli_insert_id( $this->dbh ); } else { $this->insert_id = mysql_insert_id( $this->dbh ); } } // Return number of rows affected. $return_val = $this->rows_affected; } else { $num_rows = 0; if ( $this->use_mysqli && $this->result instanceof mysqli_result ) { while ( $row = mysqli_fetch_object( $this->result ) ) { $this->last_result[ $num_rows ] = $row; $num_rows++; } } elseif ( is_resource( $this->result ) ) { while ( $row = mysql_fetch_object( $this->result ) ) { $this->last_result[ $num_rows ] = $row; $num_rows++; } } // Log and return the number of rows selected. $this->num_rows = $num_rows; $return_val = $num_rows; } return $return_val; } /** * Internal function to perform the mysql_query() call. * * @since 3.9.0 * * @see wpdb::query() * * @param string $query The query to run. */ private function _do_query( $query ) { if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) { $this->timer_start(); } if ( ! empty( $this->dbh ) && $this->use_mysqli ) { $this->result = mysqli_query( $this->dbh, $query ); } elseif ( ! empty( $this->dbh ) ) { $this->result = mysql_query( $query, $this->dbh ); } $this->num_queries++; if ( defined( 'SAVEQUERIES' ) && SAVEQUERIES ) { $this->log_query( $query, $this->timer_stop(), $this->get_caller(), $this->time_start, array() ); } } /** * Logs query data. * * @since 5.3.0 * * @param string $query The query's SQL. * @param float $query_time Total time spent on the query, in seconds. * @param string $query_callstack Comma-separated list of the calling functions. * @param float $query_start Unix timestamp of the time at the start of the query. * @param array $query_data Custom query data. */ public function log_query( $query, $query_time, $query_callstack, $query_start, $query_data ) { /** * Filters the custom data to log alongside a query. * * Caution should be used when modifying any of this data, it is recommended that any additional * information you need to store about a query be added as a new associative array element. * * @since 5.3.0 * * @param array $query_data Custom query data. * @param string $query The query's SQL. * @param float $query_time Total time spent on the query, in seconds. * @param string $query_callstack Comma-separated list of the calling functions. * @param float $query_start Unix timestamp of the time at the start of the query. */ $query_data = apply_filters( 'log_query_custom_data', $query_data, $query, $query_time, $query_callstack, $query_start ); $this->queries[] = array( $query, $query_time, $query_callstack, $query_start, $query_data, ); } /** * Generates and returns a placeholder escape string for use in queries returned by ::prepare(). * * @since 4.8.3 * * @return string String to escape placeholders. */ public function placeholder_escape() { static $placeholder; if ( ! $placeholder ) { // If ext/hash is not present, compat.php's hash_hmac() does not support sha256. $algo = function_exists( 'hash' ) ? 'sha256' : 'sha1'; // Old WP installs may not have AUTH_SALT defined. $salt = defined( 'AUTH_SALT' ) && AUTH_SALT ? AUTH_SALT : (string) rand(); $placeholder = '{' . hash_hmac( $algo, uniqid( $salt, true ), $salt ) . '}'; } /* * Add the filter to remove the placeholder escaper. Uses priority 0, so that anything * else attached to this filter will receive the query with the placeholder string removed. */ if ( false === has_filter( 'query', array( $this, 'remove_placeholder_escape' ) ) ) { add_filter( 'query', array( $this, 'remove_placeholder_escape' ), 0 ); } return $placeholder; } /** * Adds a placeholder escape string, to escape anything that resembles a printf() placeholder. * * @since 4.8.3 * * @param string $query The query to escape. * @return string The query with the placeholder escape string inserted where necessary. */ public function add_placeholder_escape( $query ) { /* * To prevent returning anything that even vaguely resembles a placeholder, * we clobber every % we can find. */ return str_replace( '%', $this->placeholder_escape(), $query ); } /** * Removes the placeholder escape strings from a query. * * @since 4.8.3 * * @param string $query The query from which the placeholder will be removed. * @return string The query with the placeholder removed. */ public function remove_placeholder_escape( $query ) { return str_replace( $this->placeholder_escape(), '%', $query ); } /** * Inserts a row into the table. * * Examples: * * wpdb::insert( 'table', array( 'column' => 'foo', 'field' => 'bar' ) ) * wpdb::insert( 'table', array( 'column' => 'foo', 'field' => 1337 ), array( '%s', '%d' ) ) * * @since 2.5.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both $data columns and $data values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param array|string $format Optional. An array of formats to be mapped to each of the value in $data. * If string, that format will be used for all of the values in $data. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows inserted, or false on error. */ public function insert( $table, $data, $format = null ) { return $this->_insert_replace_helper( $table, $data, $format, 'INSERT' ); } /** * Replaces a row in the table. * * Examples: * * wpdb::replace( 'table', array( 'column' => 'foo', 'field' => 'bar' ) ) * wpdb::replace( 'table', array( 'column' => 'foo', 'field' => 1337 ), array( '%s', '%d' ) ) * * @since 3.0.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both $data columns and $data values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param array|string $format Optional. An array of formats to be mapped to each of the value in $data. * If string, that format will be used for all of the values in $data. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows affected, or false on error. */ public function replace( $table, $data, $format = null ) { return $this->_insert_replace_helper( $table, $data, $format, 'REPLACE' ); } /** * Helper function for insert and replace. * * Runs an insert or replace query based on $type argument. * * @since 3.0.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to insert (in column => value pairs). * Both $data columns and $data values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param array|string $format Optional. An array of formats to be mapped to each of the value in $data. * If string, that format will be used for all of the values in $data. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @param string $type Optional. Type of operation. Possible values include 'INSERT' or 'REPLACE'. * Default 'INSERT'. * @return int|false The number of rows affected, or false on error. */ public function _insert_replace_helper( $table, $data, $format = null, $type = 'INSERT' ) { $this->insert_id = 0; if ( ! in_array( strtoupper( $type ), array( 'REPLACE', 'INSERT' ), true ) ) { return false; } $data = $this->process_fields( $table, $data, $format ); if ( false === $data ) { return false; } $formats = array(); $values = array(); foreach ( $data as $value ) { if ( is_null( $value['value'] ) ) { $formats[] = 'NULL'; continue; } $formats[] = $value['format']; $values[] = $value['value']; } $fields = '`' . implode( '`, `', array_keys( $data ) ) . '`'; $formats = implode( ', ', $formats ); $sql = "$type INTO `$table` ($fields) VALUES ($formats)"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Updates a row in the table. * * Examples: * * wpdb::update( 'table', array( 'column' => 'foo', 'field' => 'bar' ), array( 'ID' => 1 ) ) * wpdb::update( 'table', array( 'column' => 'foo', 'field' => 1337 ), array( 'ID' => 1 ), array( '%s', '%d' ), array( '%d' ) ) * * @since 2.5.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $data Data to update (in column => value pairs). * Both $data columns and $data values should be "raw" (neither should be SQL escaped). * Sending a null value will cause the column to be set to NULL - the corresponding * format is ignored in this case. * @param array $where A named array of WHERE clauses (in column => value pairs). * Multiple clauses will be joined with ANDs. * Both $where columns and $where values should be "raw". * Sending a null value will create an IS NULL comparison - the corresponding * format will be ignored in this case. * @param array|string $format Optional. An array of formats to be mapped to each of the values in $data. * If string, that format will be used for all of the values in $data. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @param array|string $where_format Optional. An array of formats to be mapped to each of the values in $where. * If string, that format will be used for all of the items in $where. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $where will be treated as strings. Default null. * @return int|false The number of rows updated, or false on error. */ public function update( $table, $data, $where, $format = null, $where_format = null ) { if ( ! is_array( $data ) || ! is_array( $where ) ) { return false; } $data = $this->process_fields( $table, $data, $format ); if ( false === $data ) { return false; } $where = $this->process_fields( $table, $where, $where_format ); if ( false === $where ) { return false; } $fields = array(); $conditions = array(); $values = array(); foreach ( $data as $field => $value ) { if ( is_null( $value['value'] ) ) { $fields[] = "`$field` = NULL"; continue; } $fields[] = "`$field` = " . $value['format']; $values[] = $value['value']; } foreach ( $where as $field => $value ) { if ( is_null( $value['value'] ) ) { $conditions[] = "`$field` IS NULL"; continue; } $conditions[] = "`$field` = " . $value['format']; $values[] = $value['value']; } $fields = implode( ', ', $fields ); $conditions = implode( ' AND ', $conditions ); $sql = "UPDATE `$table` SET $fields WHERE $conditions"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Deletes a row in the table. * * Examples: * * wpdb::delete( 'table', array( 'ID' => 1 ) ) * wpdb::delete( 'table', array( 'ID' => 1 ), array( '%d' ) ) * * @since 3.4.0 * * @see wpdb::prepare() * @see wpdb::$field_types * @see wp_set_wpdb_vars() * * @param string $table Table name. * @param array $where A named array of WHERE clauses (in column => value pairs). * Multiple clauses will be joined with ANDs. * Both $where columns and $where values should be "raw". * Sending a null value will create an IS NULL comparison - the corresponding * format will be ignored in this case. * @param array|string $where_format Optional. An array of formats to be mapped to each of the values in $where. * If string, that format will be used for all of the items in $where. * A format is one of '%d', '%f', '%s' (integer, float, string). * If omitted, all values in $data will be treated as strings unless otherwise * specified in wpdb::$field_types. Default null. * @return int|false The number of rows deleted, or false on error. */ public function delete( $table, $where, $where_format = null ) { if ( ! is_array( $where ) ) { return false; } $where = $this->process_fields( $table, $where, $where_format ); if ( false === $where ) { return false; } $conditions = array(); $values = array(); foreach ( $where as $field => $value ) { if ( is_null( $value['value'] ) ) { $conditions[] = "`$field` IS NULL"; continue; } $conditions[] = "`$field` = " . $value['format']; $values[] = $value['value']; } $conditions = implode( ' AND ', $conditions ); $sql = "DELETE FROM `$table` WHERE $conditions"; $this->check_current_query = false; return $this->query( $this->prepare( $sql, $values ) ); } /** * Processes arrays of field/value pairs and field formats. * * This is a helper method for wpdb's CRUD methods, which take field/value pairs * for inserts, updates, and where clauses. This method first pairs each value * with a format. Then it determines the charset of that field, using that * to determine if any invalid text would be stripped. If text is stripped, * then field processing is rejected and the query fails. * * @since 4.2.0 * * @param string $table Table name. * @param array $data Field/value pair. * @param mixed $format Format for each field. * @return array|false An array of fields that contain paired value and formats. * False for invalid values. */ protected function process_fields( $table, $data, $format ) { $data = $this->process_field_formats( $data, $format ); if ( false === $data ) { return false; } $data = $this->process_field_charsets( $data, $table ); if ( false === $data ) { return false; } $data = $this->process_field_lengths( $data, $table ); if ( false === $data ) { return false; } $converted_data = $this->strip_invalid_text( $data ); if ( $data !== $converted_data ) { $problem_fields = array(); foreach ( $data as $field => $value ) { if ( $value !== $converted_data[ $field ] ) { $problem_fields[] = $field; } } wp_load_translations_early(); if ( 1 === count( $problem_fields ) ) { $this->last_error = sprintf( /* translators: %s: Database field where the error occurred. */ __( 'WordPress database error: Processing the value for the following field failed: %s. The supplied value may be too long or contains invalid data.' ), reset( $problem_fields ) ); } else { $this->last_error = sprintf( /* translators: %s: Database fields where the error occurred. */ __( 'WordPress database error: Processing the values for the following fields failed: %s. The supplied values may be too long or contain invalid data.' ), implode( ', ', $problem_fields ) ); } return false; } return $data; } /** * Prepares arrays of value/format pairs as passed to wpdb CRUD methods. * * @since 4.2.0 * * @param array $data Array of fields to values. * @param mixed $format Formats to be mapped to the values in $data. * @return array Array, keyed by field names with values being an array * of 'value' and 'format' keys. */ protected function process_field_formats( $data, $format ) { $formats = (array) $format; $original_formats = $formats; foreach ( $data as $field => $value ) { $value = array( 'value' => $value, 'format' => '%s', ); if ( ! empty( $format ) ) { $value['format'] = array_shift( $formats ); if ( ! $value['format'] ) { $value['format'] = reset( $original_formats ); } } elseif ( isset( $this->field_types[ $field ] ) ) { $value['format'] = $this->field_types[ $field ]; } $data[ $field ] = $value; } return $data; } /** * Adds field charsets to field/value/format arrays generated by wpdb::process_field_formats(). * * @since 4.2.0 * * @param array $data As it comes from the wpdb::process_field_formats() method. * @param string $table Table name. * @return array|false The same array as $data with additional 'charset' keys. * False on failure. */ protected function process_field_charsets( $data, $table ) { foreach ( $data as $field => $value ) { if ( '%d' === $value['format'] || '%f' === $value['format'] ) { /* * We can skip this field if we know it isn't a string. * This checks %d/%f versus ! %s because its sprintf() could take more. */ $value['charset'] = false; } else { $value['charset'] = $this->get_col_charset( $table, $field ); if ( is_wp_error( $value['charset'] ) ) { return false; } } $data[ $field ] = $value; } return $data; } /** * For string fields, records the maximum string length that field can safely save. * * @since 4.2.1 * * @param array $data As it comes from the wpdb::process_field_charsets() method. * @param string $table Table name. * @return array|false The same array as $data with additional 'length' keys, or false if * any of the values were too long for their corresponding field. */ protected function process_field_lengths( $data, $table ) { foreach ( $data as $field => $value ) { if ( '%d' === $value['format'] || '%f' === $value['format'] ) { /* * We can skip this field if we know it isn't a string. * This checks %d/%f versus ! %s because its sprintf() could take more. */ $value['length'] = false; } else { $value['length'] = $this->get_col_length( $table, $field ); if ( is_wp_error( $value['length'] ) ) { return false; } } $data[ $field ] = $value; } return $data; } /** * Retrieves one variable from the database. * * Executes a SQL query and returns the value from the SQL result. * If the SQL result contains more than one column and/or more than one row, * the value in the column and row specified is returned. If $query is null, * the value in the specified column and row from the previous SQL result is returned. * * @since 0.71 * * @param string|null $query Optional. SQL query. Defaults to null, use the result from the previous query. * @param int $x Optional. Column of value to return. Indexed from 0. Default 0. * @param int $y Optional. Row of value to return. Indexed from 0. Default 0. * @return string|null Database query result (as string), or null on failure. */ public function get_var( $query = null, $x = 0, $y = 0 ) { $this->func_call = "\$db->get_var(\"$query\", $x, $y)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } // Extract var out of cached results based on x,y vals. if ( ! empty( $this->last_result[ $y ] ) ) { $values = array_values( get_object_vars( $this->last_result[ $y ] ) ); } // If there is a value return it, else return null. return ( isset( $values[ $x ] ) && '' !== $values[ $x ] ) ? $values[ $x ] : null; } /** * Retrieves one row from the database. * * Executes a SQL query and returns the row from the SQL result. * * @since 0.71 * * @param string|null $query SQL query. * @param string $output Optional. The required return type. One of OBJECT, ARRAY_A, or ARRAY_N, which * correspond to an stdClass object, an associative array, or a numeric array, * respectively. Default OBJECT. * @param int $y Optional. Row to return. Indexed from 0. Default 0. * @return array|object|null|void Database query result in format specified by $output or null on failure. */ public function get_row( $query = null, $output = OBJECT, $y = 0 ) { $this->func_call = "\$db->get_row(\"$query\",$output,$y)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } else { return null; } if ( ! isset( $this->last_result[ $y ] ) ) { return null; } if ( OBJECT === $output ) { return $this->last_result[ $y ] ? $this->last_result[ $y ] : null; } elseif ( ARRAY_A === $output ) { return $this->last_result[ $y ] ? get_object_vars( $this->last_result[ $y ] ) : null; } elseif ( ARRAY_N === $output ) { return $this->last_result[ $y ] ? array_values( get_object_vars( $this->last_result[ $y ] ) ) : null; } elseif ( OBJECT === strtoupper( $output ) ) { // Back compat for OBJECT being previously case-insensitive. return $this->last_result[ $y ] ? $this->last_result[ $y ] : null; } else { $this->print_error( ' $db->get_row(string query, output type, int offset) -- Output type must be one of: OBJECT, ARRAY_A, ARRAY_N' ); } } /** * Retrieves one column from the database. * * Executes a SQL query and returns the column from the SQL result. * If the SQL result contains more than one column, the column specified is returned. * If $query is null, the specified column from the previous SQL result is returned. * * @since 0.71 * * @param string|null $query Optional. SQL query. Defaults to previous query. * @param int $x Optional. Column to return. Indexed from 0. Default 0. * @return array Database query result. Array indexed from 0 by SQL result row number. */ public function get_col( $query = null, $x = 0 ) { if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } $new_array = array(); // Extract the column values. if ( $this->last_result ) { for ( $i = 0, $j = count( $this->last_result ); $i < $j; $i++ ) { $new_array[ $i ] = $this->get_var( null, $x, $i ); } } return $new_array; } /** * Retrieves an entire SQL result set from the database (i.e., many rows). * * Executes a SQL query and returns the entire SQL result. * * @since 0.71 * * @param string $query SQL query. * @param string $output Optional. Any of ARRAY_A | ARRAY_N | OBJECT | OBJECT_K constants. * With one of the first three, return an array of rows indexed * from 0 by SQL result row number. Each row is an associative array * (column => value, ...), a numerically indexed array (0 => value, ...), * or an object ( ->column = value ), respectively. With OBJECT_K, * return an associative array of row objects keyed by the value * of each row's first column's value. Duplicate keys are discarded. * Default OBJECT. * @return array|object|null Database query results. */ public function get_results( $query = null, $output = OBJECT ) { $this->func_call = "\$db->get_results(\"$query\", $output)"; if ( $query ) { if ( $this->check_current_query && $this->check_safe_collation( $query ) ) { $this->check_current_query = false; } $this->query( $query ); } else { return null; } $new_array = array(); if ( OBJECT === $output ) { // Return an integer-keyed array of row objects. return $this->last_result; } elseif ( OBJECT_K === $output ) { // Return an array of row objects with keys from column 1. // (Duplicates are discarded.) if ( $this->last_result ) { foreach ( $this->last_result as $row ) { $var_by_ref = get_object_vars( $row ); $key = array_shift( $var_by_ref ); if ( ! isset( $new_array[ $key ] ) ) { $new_array[ $key ] = $row; } } } return $new_array; } elseif ( ARRAY_A === $output || ARRAY_N === $output ) { // Return an integer-keyed array of... if ( $this->last_result ) { foreach ( (array) $this->last_result as $row ) { if ( ARRAY_N === $output ) { // ...integer-keyed row arrays. $new_array[] = array_values( get_object_vars( $row ) ); } else { // ...column name-keyed row arrays. $new_array[] = get_object_vars( $row ); } } } return $new_array; } elseif ( strtoupper( $output ) === OBJECT ) { // Back compat for OBJECT being previously case-insensitive. return $this->last_result; } return null; } /** * Retrieves the character set for the given table. * * @since 4.2.0 * * @param string $table Table name. * @return string|WP_Error Table character set, WP_Error object if it couldn't be found. */ protected function get_table_charset( $table ) { $tablekey = strtolower( $table ); /** * Filters the table charset value before the DB is checked. * * Returning a non-null value from the filter will effectively short-circuit * checking the DB for the charset, returning that value instead. * * @since 4.2.0 * * @param string|WP_Error|null $charset The character set to use, WP_Error object * if it couldn't be found. Default null. * @param string $table The name of the table being checked. */ $charset = apply_filters( 'pre_get_table_charset', null, $table ); if ( null !== $charset ) { return $charset; } if ( isset( $this->table_charset[ $tablekey ] ) ) { return $this->table_charset[ $tablekey ]; } $charsets = array(); $columns = array(); $table_parts = explode( '.', $table ); $table = '`' . implode( '`.`', $table_parts ) . '`'; $results = $this->get_results( "SHOW FULL COLUMNS FROM $table" ); if ( ! $results ) { return new WP_Error( 'wpdb_get_table_charset_failure', __( 'Could not retrieve table charset.' ) ); } foreach ( $results as $column ) { $columns[ strtolower( $column->Field ) ] = $column; } $this->col_meta[ $tablekey ] = $columns; foreach ( $columns as $column ) { if ( ! empty( $column->Collation ) ) { list( $charset ) = explode( '_', $column->Collation ); // If the current connection can't support utf8mb4 characters, let's only send 3-byte utf8 characters. if ( 'utf8mb4' === $charset && ! $this->has_cap( 'utf8mb4' ) ) { $charset = 'utf8'; } $charsets[ strtolower( $charset ) ] = true; } list( $type ) = explode( '(', $column->Type ); // A binary/blob means the whole query gets treated like this. if ( in_array( strtoupper( $type ), array( 'BINARY', 'VARBINARY', 'TINYBLOB', 'MEDIUMBLOB', 'BLOB', 'LONGBLOB' ), true ) ) { $this->table_charset[ $tablekey ] = 'binary'; return 'binary'; } } // utf8mb3 is an alias for utf8. if ( isset( $charsets['utf8mb3'] ) ) { $charsets['utf8'] = true; unset( $charsets['utf8mb3'] ); } // Check if we have more than one charset in play. $count = count( $charsets ); if ( 1 === $count ) { $charset = key( $charsets ); } elseif ( 0 === $count ) { // No charsets, assume this table can store whatever. $charset = false; } else { // More than one charset. Remove latin1 if present and recalculate. unset( $charsets['latin1'] ); $count = count( $charsets ); if ( 1 === $count ) { // Only one charset (besides latin1). $charset = key( $charsets ); } elseif ( 2 === $count && isset( $charsets['utf8'], $charsets['utf8mb4'] ) ) { // Two charsets, but they're utf8 and utf8mb4, use utf8. $charset = 'utf8'; } else { // Two mixed character sets. ascii. $charset = 'ascii'; } } $this->table_charset[ $tablekey ] = $charset; return $charset; } /** * Retrieves the character set for the given column. * * @since 4.2.0 * * @param string $table Table name. * @param string $column Column name. * @return string|false|WP_Error Column character set as a string. False if the column has * no character set. WP_Error object if there was an error. */ public function get_col_charset( $table, $column ) { $tablekey = strtolower( $table ); $columnkey = strtolower( $column ); /** * Filters the column charset value before the DB is checked. * * Passing a non-null value to the filter will short-circuit * checking the DB for the charset, returning that value instead. * * @since 4.2.0 * * @param string|null $charset The character set to use. Default null. * @param string $table The name of the table being checked. * @param string $column The name of the column being checked. */ $charset = apply_filters( 'pre_get_col_charset', null, $table, $column ); if ( null !== $charset ) { return $charset; } // Skip this entirely if this isn't a MySQL database. if ( empty( $this->is_mysql ) ) { return false; } if ( empty( $this->table_charset[ $tablekey ] ) ) { // This primes column information for us. $table_charset = $this->get_table_charset( $table ); if ( is_wp_error( $table_charset ) ) { return $table_charset; } } // If still no column information, return the table charset. if ( empty( $this->col_meta[ $tablekey ] ) ) { return $this->table_charset[ $tablekey ]; } // If this column doesn't exist, return the table charset. if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) { return $this->table_charset[ $tablekey ]; } // Return false when it's not a string column. if ( empty( $this->col_meta[ $tablekey ][ $columnkey ]->Collation ) ) { return false; } list( $charset ) = explode( '_', $this->col_meta[ $tablekey ][ $columnkey ]->Collation ); return $charset; } /** * Retrieves the maximum string length allowed in a given column. * * The length may either be specified as a byte length or a character length. * * @since 4.2.1 * * @param string $table Table name. * @param string $column Column name. * @return array|false|WP_Error { * Array of column length information, false if the column has no length (for * example, numeric column), WP_Error object if there was an error. * * @type int $length The column length. * @type string $type One of 'byte' or 'char'. */ public function get_col_length( $table, $column ) { $tablekey = strtolower( $table ); $columnkey = strtolower( $column ); // Skip this entirely if this isn't a MySQL database. if ( empty( $this->is_mysql ) ) { return false; } if ( empty( $this->col_meta[ $tablekey ] ) ) { // This primes column information for us. $table_charset = $this->get_table_charset( $table ); if ( is_wp_error( $table_charset ) ) { return $table_charset; } } if ( empty( $this->col_meta[ $tablekey ][ $columnkey ] ) ) { return false; } $typeinfo = explode( '(', $this->col_meta[ $tablekey ][ $columnkey ]->Type ); $type = strtolower( $typeinfo[0] ); if ( ! empty( $typeinfo[1] ) ) { $length = trim( $typeinfo[1], ')' ); } else { $length = false; } switch ( $type ) { case 'char': case 'varchar': return array( 'type' => 'char', 'length' => (int) $length, ); case 'binary': case 'varbinary': return array( 'type' => 'byte', 'length' => (int) $length, ); case 'tinyblob': case 'tinytext': return array( 'type' => 'byte', 'length' => 255, // 2^8 - 1 ); case 'blob': case 'text': return array( 'type' => 'byte', 'length' => 65535, // 2^16 - 1 ); case 'mediumblob': case 'mediumtext': return array( 'type' => 'byte', 'length' => 16777215, // 2^24 - 1 ); case 'longblob': case 'longtext': return array( 'type' => 'byte', 'length' => 4294967295, // 2^32 - 1 ); default: return false; } } /** * Checks if a string is ASCII. * * The negative regex is faster for non-ASCII strings, as it allows * the search to finish as soon as it encounters a non-ASCII character. * * @since 4.2.0 * * @param string $input_string String to check. * @return bool True if ASCII, false if not. */ protected function check_ascii( $input_string ) { if ( function_exists( 'mb_check_encoding' ) ) { if ( mb_check_encoding( $input_string, 'ASCII' ) ) { return true; } } elseif ( ! preg_match( '/[^\x00-\x7F]/', $input_string ) ) { return true; } return false; } /** * Checks if the query is accessing a collation considered safe on the current version of MySQL. * * @since 4.2.0 * * @param string $query The query to check. * @return bool True if the collation is safe, false if it isn't. */ protected function check_safe_collation( $query ) { if ( $this->checking_collation ) { return true; } // We don't need to check the collation for queries that don't read data. $query = ltrim( $query, "\r\n\t (" ); if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $query ) ) { return true; } // All-ASCII queries don't need extra checking. if ( $this->check_ascii( $query ) ) { return true; } $table = $this->get_table_from_query( $query ); if ( ! $table ) { return false; } $this->checking_collation = true; $collation = $this->get_table_charset( $table ); $this->checking_collation = false; // Tables with no collation, or latin1 only, don't need extra checking. if ( false === $collation || 'latin1' === $collation ) { return true; } $table = strtolower( $table ); if ( empty( $this->col_meta[ $table ] ) ) { return false; } // If any of the columns don't have one of these collations, it needs more sanity checking. $safe_collations = array( 'utf8_bin', 'utf8_general_ci', 'utf8mb3_bin', 'utf8mb3_general_ci', 'utf8mb4_bin', 'utf8mb4_general_ci', ); foreach ( $this->col_meta[ $table ] as $col ) { if ( empty( $col->Collation ) ) { continue; } if ( ! in_array( $col->Collation, $safe_collations, true ) ) { return false; } } return true; } /** * Strips any invalid characters based on value/charset pairs. * * @since 4.2.0 * * @param array $data Array of value arrays. Each value array has the keys 'value' and 'charset'. * An optional 'ascii' key can be set to false to avoid redundant ASCII checks. * @return array|WP_Error The $data parameter, with invalid characters removed from each value. * This works as a passthrough: any additional keys such as 'field' are * retained in each value array. If we cannot remove invalid characters, * a WP_Error object is returned. */ protected function strip_invalid_text( $data ) { $db_check_string = false; foreach ( $data as &$value ) { $charset = $value['charset']; if ( is_array( $value['length'] ) ) { $length = $value['length']['length']; $truncate_by_byte_length = 'byte' === $value['length']['type']; } else { $length = false; // Since we have no length, we'll never truncate. Initialize the variable to false. // True would take us through an unnecessary (for this case) codepath below. $truncate_by_byte_length = false; } // There's no charset to work with. if ( false === $charset ) { continue; } // Column isn't a string. if ( ! is_string( $value['value'] ) ) { continue; } $needs_validation = true; if ( // latin1 can store any byte sequence. 'latin1' === $charset || // ASCII is always OK. ( ! isset( $value['ascii'] ) && $this->check_ascii( $value['value'] ) ) ) { $truncate_by_byte_length = true; $needs_validation = false; } if ( $truncate_by_byte_length ) { mbstring_binary_safe_encoding(); if ( false !== $length && strlen( $value['value'] ) > $length ) { $value['value'] = substr( $value['value'], 0, $length ); } reset_mbstring_encoding(); if ( ! $needs_validation ) { continue; } } // utf8 can be handled by regex, which is a bunch faster than a DB lookup. if ( ( 'utf8' === $charset || 'utf8mb3' === $charset || 'utf8mb4' === $charset ) && function_exists( 'mb_strlen' ) ) { $regex = '/ ( (?: [\x00-\x7F] # single-byte sequences 0xxxxxxx | [\xC2-\xDF][\x80-\xBF] # double-byte sequences 110xxxxx 10xxxxxx | \xE0[\xA0-\xBF][\x80-\xBF] # triple-byte sequences 1110xxxx 10xxxxxx * 2 | [\xE1-\xEC][\x80-\xBF]{2} | \xED[\x80-\x9F][\x80-\xBF] | [\xEE-\xEF][\x80-\xBF]{2}'; if ( 'utf8mb4' === $charset ) { $regex .= ' | \xF0[\x90-\xBF][\x80-\xBF]{2} # four-byte sequences 11110xxx 10xxxxxx * 3 | [\xF1-\xF3][\x80-\xBF]{3} | \xF4[\x80-\x8F][\x80-\xBF]{2} '; } $regex .= '){1,40} # ...one or more times ) | . # anything else /x'; $value['value'] = preg_replace( $regex, '$1', $value['value'] ); if ( false !== $length && mb_strlen( $value['value'], 'UTF-8' ) > $length ) { $value['value'] = mb_substr( $value['value'], 0, $length, 'UTF-8' ); } continue; } // We couldn't use any local conversions, send it to the DB. $value['db'] = true; $db_check_string = true; } unset( $value ); // Remove by reference. if ( $db_check_string ) { $queries = array(); foreach ( $data as $col => $value ) { if ( ! empty( $value['db'] ) ) { // We're going to need to truncate by characters or bytes, depending on the length value we have. if ( isset( $value['length']['type'] ) && 'byte' === $value['length']['type'] ) { // Using binary causes LEFT() to truncate by bytes. $charset = 'binary'; } else { $charset = $value['charset']; } if ( $this->charset ) { $connection_charset = $this->charset; } else { if ( $this->use_mysqli ) { $connection_charset = mysqli_character_set_name( $this->dbh ); } else { $connection_charset = mysql_client_encoding(); } } if ( is_array( $value['length'] ) ) { $length = sprintf( '%.0f', $value['length']['length'] ); $queries[ $col ] = $this->prepare( "CONVERT( LEFT( CONVERT( %s USING $charset ), $length ) USING $connection_charset )", $value['value'] ); } elseif ( 'binary' !== $charset ) { // If we don't have a length, there's no need to convert binary - it will always return the same result. $queries[ $col ] = $this->prepare( "CONVERT( CONVERT( %s USING $charset ) USING $connection_charset )", $value['value'] ); } unset( $data[ $col ]['db'] ); } } $sql = array(); foreach ( $queries as $column => $query ) { if ( ! $query ) { continue; } $sql[] = $query . " AS x_$column"; } $this->check_current_query = false; $row = $this->get_row( 'SELECT ' . implode( ', ', $sql ), ARRAY_A ); if ( ! $row ) { return new WP_Error( 'wpdb_strip_invalid_text_failure', __( 'Could not strip invalid text.' ) ); } foreach ( array_keys( $data ) as $column ) { if ( isset( $row[ "x_$column" ] ) ) { $data[ $column ]['value'] = $row[ "x_$column" ]; } } } return $data; } /** * Strips any invalid characters from the query. * * @since 4.2.0 * * @param string $query Query to convert. * @return string|WP_Error The converted query, or a WP_Error object if the conversion fails. */ protected function strip_invalid_text_from_query( $query ) { // We don't need to check the collation for queries that don't read data. $trimmed_query = ltrim( $query, "\r\n\t (" ); if ( preg_match( '/^(?:SHOW|DESCRIBE|DESC|EXPLAIN|CREATE)\s/i', $trimmed_query ) ) { return $query; } $table = $this->get_table_from_query( $query ); if ( $table ) { $charset = $this->get_table_charset( $table ); if ( is_wp_error( $charset ) ) { return $charset; } // We can't reliably strip text from tables containing binary/blob columns. if ( 'binary' === $charset ) { return $query; } } else { $charset = $this->charset; } $data = array( 'value' => $query, 'charset' => $charset, 'ascii' => false, 'length' => false, ); $data = $this->strip_invalid_text( array( $data ) ); if ( is_wp_error( $data ) ) { return $data; } return $data[0]['value']; } /** * Strips any invalid characters from the string for a given table and column. * * @since 4.2.0 * * @param string $table Table name. * @param string $column Column name. * @param string $value The text to check. * @return string|WP_Error The converted string, or a WP_Error object if the conversion fails. */ public function strip_invalid_text_for_column( $table, $column, $value ) { if ( ! is_string( $value ) ) { return $value; } $charset = $this->get_col_charset( $table, $column ); if ( ! $charset ) { // Not a string column. return $value; } elseif ( is_wp_error( $charset ) ) { // Bail on real errors. return $charset; } $data = array( $column => array( 'value' => $value, 'charset' => $charset, 'length' => $this->get_col_length( $table, $column ), ), ); $data = $this->strip_invalid_text( $data ); if ( is_wp_error( $data ) ) { return $data; } return $data[ $column ]['value']; } /** * Finds the first table name referenced in a query. * * @since 4.2.0 * * @param string $query The query to search. * @return string|false The table name found, or false if a table couldn't be found. */ protected function get_table_from_query( $query ) { // Remove characters that can legally trail the table name. $query = rtrim( $query, ';/-#' ); // Allow (select...) union [...] style queries. Use the first query's table name. $query = ltrim( $query, "\r\n\t (" ); // Strip everything between parentheses except nested selects. $query = preg_replace( '/$(?!\s*select)[^(]*?$/is', '()', $query ); // Quickly match most common queries. if ( preg_match( '/^\s*(?:' . 'SELECT.*?\s+FROM' . '|INSERT(?:\s+LOW_PRIORITY|\s+DELAYED|\s+HIGH_PRIORITY)?(?:\s+IGNORE)?(?:\s+INTO)?' . '|REPLACE(?:\s+LOW_PRIORITY|\s+DELAYED)?(?:\s+INTO)?' . '|UPDATE(?:\s+LOW_PRIORITY)?(?:\s+IGNORE)?' . '|DELETE(?:\s+LOW_PRIORITY|\s+QUICK|\s+IGNORE)*(?:.+?FROM)?' . ')\s+((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)/is', $query, $maybe ) ) { return str_replace( '`', '', $maybe[1] ); } // SHOW TABLE STATUS and SHOW TABLES WHERE Name = 'wp_posts' if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES).+WHERE\s+Name\s*=\s*("|\')((?:[0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)\\1/is', $query, $maybe ) ) { return $maybe[2]; } /* * SHOW TABLE STATUS LIKE and SHOW TABLES LIKE 'wp\_123\_%' * This quoted LIKE operand seldom holds a full table name. * It is usually a pattern for matching a prefix so we just * strip the trailing % and unescape the _ to get 'wp_123_' * which drop-ins can use for routing these SQL statements. */ if ( preg_match( '/^\s*SHOW\s+(?:TABLE\s+STATUS|(?:FULL\s+)?TABLES)\s+(?:WHERE\s+Name\s+)?LIKE\s*("|\')((?:[\\\\0-9a-zA-Z$_.-]|[\xC2-\xDF][\x80-\xBF])+)%?\\1/is', $query, $maybe ) ) { return str_replace( '\\_', '_', $maybe[2] ); } // Big pattern for the rest of the table-related queries. if ( preg_match( '/^\s*(?:' . '(?:EXPLAIN\s+(?:EXTENDED\s+)?)?SELECT.*?\s+FROM' . '|DESCRIBE|DESC|EXPLAIN|HANDLER' . '|(?:LOCK|UNLOCK)\s+TABLE(?:S)?' . '|(?:RENAME|OPTIMIZE|BACKUP|RESTORE|CHECK|CHECKSUM|ANALYZE|REPAIR).*\s+TABLE' . '|TRUNCATE(?:\s+TABLE)?' . '|CREATE(?:\s+TEMPORARY)?\s+TABLE(?:\s+IF\s+NOT\s+EXISTS)?' . '|ALTER(?:\s+IGNORE)?\s+TABLE' . '|DROP\s+TABLE(?:\s+IF\s+EXISTS)?' . '|CREATE(?:\s+\w+)?\s+INDEX.*\s+ON' . '|DROP\s+INDEX.*\s+ON' . '|LOAD\s+DATA.*INFILE.*INTO\s+TABLE' . '|(?:GRANT|REVOKE).*ON\s+TABLE' . '|SHOW\s+(?:.*FROM|.*TABLE)' . ')\s+$*\s*((?:[0-9a-zA-Z$_.`-]|[\xC2-\xDF][\x80-\xBF])+)\s*$*/is', $query, $maybe ) ) { return str_replace( '`', '', $maybe[1] ); } return false; } /** * Loads the column metadata from the last query. * * @since 3.5.0 */ protected function load_col_info() { if ( $this->col_info ) { return; } if ( $this->use_mysqli ) { $num_fields = mysqli_num_fields( $this->result ); for ( $i = 0; $i < $num_fields; $i++ ) { $this->col_info[ $i ] = mysqli_fetch_field( $this->result ); } } else { $num_fields = mysql_num_fields( $this->result ); for ( $i = 0; $i < $num_fields; $i++ ) { $this->col_info[ $i ] = mysql_fetch_field( $this->result, $i ); } } } /** * Retrieves column metadata from the last query. * * @since 0.71 * * @param string $info_type Optional. Possible values include 'name', 'table', 'def', 'max_length', * 'not_null', 'primary_key', 'multiple_key', 'unique_key', 'numeric', * 'blob', 'type', 'unsigned', 'zerofill'. Default 'name'. * @param int $col_offset Optional. 0: col name. 1: which table the col's in. 2: col's max length. * 3: if the col is numeric. 4: col's type. Default -1. * @return mixed Column results. */ public function get_col_info( $info_type = 'name', $col_offset = -1 ) { $this->load_col_info(); if ( $this->col_info ) { if ( -1 === $col_offset ) { $i = 0; $new_array = array(); foreach ( (array) $this->col_info as $col ) { $new_array[ $i ] = $col->{$info_type}; $i++; } return $new_array; } else { return $this->col_info[ $col_offset ]->{$info_type}; } } } /** * Starts the timer, for debugging purposes. * * @since 1.5.0 * * @return true */ public function timer_start() { $this->time_start = microtime( true ); return true; } /** * Stops the debugging timer. * * @since 1.5.0 * * @return float Total time spent on the query, in seconds. */ public function timer_stop() { return ( microtime( true ) - $this->time_start ); } /** * Wraps errors in a nice header and footer and dies. * * Will not die if wpdb::$show_errors is false. * * @since 1.5.0 * * @param string $message The error message. * @param string $error_code Optional. A computer-readable string to identify the error. * Default '500'. * @return void|false Void if the showing of errors is enabled, false if disabled. */ public function bail( $message, $error_code = '500' ) { if ( $this->show_errors ) { $error = ''; if ( $this->use_mysqli ) { if ( $this->dbh instanceof mysqli ) { $error = mysqli_error( $this->dbh ); } elseif ( mysqli_connect_errno() ) { $error = mysqli_connect_error(); } } else { if ( is_resource( $this->dbh ) ) { $error = mysql_error( $this->dbh ); } else { $error = mysql_error(); } } if ( $error ) { $message = '<p><code>' . $error . "</code></p>\n" . $message; } wp_die( $message ); } else { if ( class_exists( 'WP_Error', false ) ) { $this->error = new WP_Error( $error_code, $message ); } else { $this->error = $message; } return false; } } /** * Closes the current database connection. * * @since 4.5.0 * * @return bool True if the connection was successfully closed, * false if it wasn't, or if the connection doesn't exist. */ public function close() { if ( ! $this->dbh ) { return false; } if ( $this->use_mysqli ) { $closed = mysqli_close( $this->dbh ); } else { $closed = mysql_close( $this->dbh ); } if ( $closed ) { $this->dbh = null; $this->ready = false; $this->has_connected = false; } return $closed; } /** * Determines whether MySQL database is at least the required minimum version. * * @since 2.5.0 * * @global string $wp_version The WordPress version string. * @global string $required_mysql_version The required MySQL version string. * @return void|WP_Error */ public function check_database_version() { global $wp_version, $required_mysql_version; // Make sure the server has the required MySQL version. if ( version_compare( $this->db_version(), $required_mysql_version, '<' ) ) { /* translators: 1: WordPress version number, 2: Minimum required MySQL version number. */ return new WP_Error( 'database_version', sprintf( __( '<strong>Error:</strong> WordPress %1$s requires MySQL %2$s or higher' ), $wp_version, $required_mysql_version ) ); } } /** * Determines whether the database supports collation. * * Called when WordPress is generating the table scheme. * * Use `wpdb::has_cap( 'collation' )`. * * @since 2.5.0 * @deprecated 3.5.0 Use wpdb::has_cap() * * @return bool True if collation is supported, false if not. */ public function supports_collation() { _deprecated_function( __FUNCTION__, '3.5.0', 'wpdb::has_cap( \'collation\' )' ); return $this->has_cap( 'collation' ); } /** * Retrieves the database character collate. * * @since 3.5.0 * * @return string The database character collate. */ public function get_charset_collate() { $charset_collate = ''; if ( ! empty( $this->charset ) ) { $charset_collate = "DEFAULT CHARACTER SET $this->charset"; } if ( ! empty( $this->collate ) ) { $charset_collate .= " COLLATE $this->collate"; } return $charset_collate; } /** * Determines whether the database or WPDB supports a particular feature. * * Capability sniffs for the database server and current version of WPDB. * * Database sniffs are based on the version of MySQL the site is using. * * WPDB sniffs are added as new features are introduced to allow theme and plugin * developers to determine feature support. This is to account for drop-ins which may * introduce feature support at a different time to WordPress. * * @since 2.7.0 * @since 4.1.0 Added support for the 'utf8mb4' feature. * @since 4.6.0 Added support for the 'utf8mb4_520' feature. * @since 6.2.0 Added support for the 'identifier_placeholders' feature. * * @see wpdb::db_version() * * @param string $db_cap The feature to check for. Accepts 'collation', 'group_concat', * 'subqueries', 'set_charset', 'utf8mb4', 'utf8mb4_520', * or 'identifier_placeholders'. * @return bool True when the database feature is supported, false otherwise. */ public function has_cap( $db_cap ) { $db_version = $this->db_version(); $db_server_info = $this->db_server_info(); // Account for MariaDB version being prefixed with '5.5.5-' on older PHP versions. if ( '5.5.5' === $db_version && str_contains( $db_server_info, 'MariaDB' ) && PHP_VERSION_ID < 80016 // PHP 8.0.15 or older. ) { // Strip the '5.5.5-' prefix and set the version to the correct value. $db_server_info = preg_replace( '/^5\.5\.5-(.*)/', '$1', $db_server_info ); $db_version = preg_replace( '/[^0-9.].*/', '', $db_server_info ); } switch ( strtolower( $db_cap ) ) { case 'collation': // @since 2.5.0 case 'group_concat': // @since 2.7.0 case 'subqueries': // @since 2.7.0 return version_compare( $db_version, '4.1', '>=' ); case 'set_charset': return version_compare( $db_version, '5.0.7', '>=' ); case 'utf8mb4': // @since 4.1.0 if ( version_compare( $db_version, '5.5.3', '<' ) ) { return false; } if ( $this->use_mysqli ) { $client_version = mysqli_get_client_info(); } else { $client_version = mysql_get_client_info(); } /* * libmysql has supported utf8mb4 since 5.5.3, same as the MySQL server. * mysqlnd has supported utf8mb4 since 5.0.9. */ if ( false !== strpos( $client_version, 'mysqlnd' ) ) { $client_version = preg_replace( '/^\D+([\d.]+).*/', '$1', $client_version ); return version_compare( $client_version, '5.0.9', '>=' ); } else { return version_compare( $client_version, '5.5.3', '>=' ); } case 'utf8mb4_520': // @since 4.6.0 return version_compare( $db_version, '5.6', '>=' ); case 'identifier_placeholders': // @since 6.2.0 /* * As of WordPress 6.2, wpdb::prepare() supports identifiers via '%i', * e.g. table/field names. */ return true; } return false; } /** * Retrieves a comma-separated list of the names of the functions that called wpdb. * * @since 2.5.0 * * @return string Comma-separated list of the calling functions. */ public function get_caller() { return wp_debug_backtrace_summary( __CLASS__ ); } /** * Retrieves the database server version. * * @since 2.7.0 * * @return string|null Version number on success, null on failure. */ public function db_version() { return preg_replace( '/[^0-9.].*/', '', $this->db_server_info() ); } /** * Retrieves full database server information. * * @since 5.5.0 * * @return string|false Server info on success, false on failure. */ public function db_server_info() { if ( $this->use_mysqli ) { $server_info = mysqli_get_server_info( $this->dbh ); } else { $server_info = mysql_get_server_info( $this->dbh ); } return $server_info; } }

Entry-level luxurious leather-based items – Base de données MCPV "Prestataires"

Entry-level luxurious leather-based items

Duplicate Luggage

It has first copies of purses from all the leading style manufacturers and newer merchandise are frequently added to depart buyers spoilt for selections. The on-line retailer has a wonderful assist group as nicely that can assist you by way of the buying process. Moreover, it also has a beneficiant returns coverage, not supplied by many shops that deal in replica merchandise. And if you know something about purses, even real merchandise are often manufactured in China.

Whether you’re drawn to its spaciousness, modern design, or versatility, it’s a bag that’s positive to make a statement wherever you go. Just because a bag is a replica doesn’t suggest it must be shoddy. A good duplicate bag shall be made of good supplies and constructed properly.

Although criminal expenses could additionally be rare, duplicate buyers face the chance of seizure by U.S. I invite each reader to join this adventure, share your tales, and learn collectively how to find actual gems in the advanced world of replicas. Once once more, the Classic Chanel Dupe may be bought from $100 which is a good saving when you are getting the same nice wanting handbag.

In conclusion, looking for high-quality replica baggage may be an thrilling endeavor for people seeking luxurious fashion with out breaking the bank. While there are both benefits and drawbacks to consider, cautious evaluation of quality and selecting reputable sources will ensure a satisfying buy. Whether inspired by influential celebrities or private type preferences, duplicate luggage provide an accessible way to make a trend statement with style and affordability. Influential celebrities aren’t proof against the allure of high-quality reproduction luggage.

Moreover, shopping for replicas undermines the fashion business as a complete. Designers and types make investments significant time, sources, and creativity into creating their merchandise. When replicas flood the market, they dilute the value of the unique designs and might even hurt the reputation of the manufacturers they imitate.

Honestly, using a bit of common sense, you’d know that fable isn’t true. If pretend bags may move for the true factor so easily, why would reproduction sellers even hassle with promoting them as fakes? In November 2023, federal brokers executed the largest seizure of counterfeit items in U.S. history.

While knockoff purses are additionally most often made with lower-quality materials than the unique name-brand baggage, in most instances, they are not meant to be actual copies of the unique model. Instead, they’re thought-about a more inexpensive look-alike than the unique designer purses. Actually, it’s illegal to promote duplicate merchandise and there’s a strict regulation coverage in opposition to fake merchandise, especially on common web sites like Alibaba, AliExpress, etc.

With trend tendencies evolving quickly, many people find it troublesome to justify spending hundreds of dollars on a single accessory. Replica baggage provide an inexpensive different that enables individuals to stay fashionable with out the monetary strain. 5.Replica Clothing and AccessoriesChina can also be a serious production area for replicas of fashion model clothes and niknaks.

We know the way essential it is to look trendy with out burning your financial institution card. That’s why we offer reasonably priced designer handbags which might be just pretty a lot as good as the actual issues. Our collection includes LV replicas, Gucci bag dupes, faux Birkin, and different hits from the luxury world, but with a price ticket that solely makes you smile with pleasure. Experience the class of pretend designer baggage with out breaking the financial institution. Our inexpensive designer baggage assortment features fashionable models that appear to be actual masterpieces of excessive trend however cost lower than $500. Excellent high quality and stunning design – these pretend designer bags allow you to get pleasure from designer-inspired baggage with out breaking your finances.

Lagro mentioned he doesn’t have much sympathy for big firms and the financial loss created by replicas. He thinks that large corporations are damage essentially the most by replicas, however, these corporations are worth a lot that it doesn’t significantly affect them. Many others like Laura don’t have a lot regard for giant companies in phrases of replicas. You observed the outrageous prices and also you likely left dissatisfied.

Though newer to the gathering, the Fendi First Bag has gained recognition for its elegant and versatile look. This Fendi clutch makes an announcement with its modern strains and minimalist design. This design has a distinctive double compartment with a rigid partition dividing it.

But the real star of the show is that Walmart is now giving customers a approach to save on genuine Birkins. This is all thanks to its official partnership with Rebag Replica Handbags, some of the trusted sources for pre-owned designer items. Plus, throughout Walmart’s Super Savings Week, the retailer is offering an extra 15 % or extra off 1,000+ authenticated designer finds, together with both Birkin and Kelly luggage. They are all the time bettering the standard of their products to make sure that you solely receive the very best high quality reproduction sneakers, garments, and bags at the lowest possible price. My second option to purchase a Louis Vuitton or Gucci duplicate Bag is Voguish Vibe and Myhandbagsofficial. I bought a Louis Vuitton Multi Pochette Accessories, probably the greatest high quality merchandise.

Letting the sourcing company you cooperate with allow you to with transportation can be an excellent option. 4.Choose an Experienced Logistics CompanyCooperate with skilled logistics corporations and choose those with expertise in transportation. Experienced logistics companies can present personalized transportation options to ensure that reproduction items are safely and shortly delivered. 2.Ship in small BatchesDivide the goods into multiple small batches for transportation.

When you run your hand over the bag, it shouldn’t really feel like you’re touching rough strings. When checking a Dior bag, make sure to look at the inside tag inside the purse. Get back to this post’s subject, listed under are some effective suggestions to help you spot Dior reps (replicas).

Since the popular Book Tote doesn’t include any hardware, here are two extra ideas specifically for authenticating the Book Tote. Newer ones have switched to a flap closure as an alternative of a zipper. So, if you don’t see a zipper closure, particularly on a Mini Lady Dior, don’t jump to the conclusion that it’s a fake. Despite what some folks say, the handles don’t at all times keep upright if you set the bag down. It’s fairly normal for them to tip barely forward or backward. Counterfeiters typically battle to match the stitching colour completely.

The items listed here are the very best quality leather-based items in the whole Sanyuanli leather-based items market and even in the whole of China. So Baiyun Leather City can be known as the “luxury replica distribution center”. Due to their luxury status, high price tag, and superstar endorsers, everybody appears to need to get their arms on certainly one of these iconic types. Unfortunately, this has led to a massive influx of knockoff reproductions, or dupes as they’re sometimes called. These influential celebrities ship a robust message that it is potential to get pleasure from luxury style without spending a fortune. Through their style selections, they encourage others to explore the world of reproduction bags and embrace affordable class in their own wardrobes.

They have competent craftsmen who manufacture replicas almost similar to the unique ones. Their superior quality and wonderful customer service have earned them loyal purchasers worldwide. The LadyBags888 retailer is another store with a tremendous assortment of designer impressed baggage. In the product catalogue you probably can see they sell the replicas of prime bag brands similar to Hermes, Louis Vuitton, Gucci, Chanel and more. Deviating a bit from the styles and patterns of its luxury shoulder bags class, Chloe offers in Woody tote, a extremely spacious bag for daily wants. The signature Chloe ribbon and polished leather bestow a modern and practical design to the bag.

The greatest designer handbags provided by real brands will cost you the value definitely worth the handbag and the onerous work that was put into it. Luxury designer first copy baggage are not just equipment; they’re representations of the craftsmanship and artistry that goes into creating them. From the meticulous handcrafting to the considerate design process, every step of the production is a testomony to the dedication and skill of the artisans concerned. These mirror replica purses are more than simply fashion statements; they’re wearable works of art that maintain a special place in the world of luxurious. Whether admired for his or her magnificence, cherished as collectibles, or passed down as heirlooms, luxury designer handbags will proceed to capture the hearts of style enthusiasts worldwide. The Value of Luxury Designer Handbags, While luxury designer handbags usually include a hefty price tag, their worth extends far past their financial price.

Furthermore, pay consideration to the method in which the bag is carried and accessorized. Experiment with other ways of holding it – over the shoulder, on the arm, or as a crossbody. The objective is to find a modern and cozy carrying fashion. If the stitching strays from a straight 180-degree line, it’s a useless giveaway that the bag is faux. The surface of the hardware elements must be mirror-polished and really easy, with every edge and corner well-rounded and finely polished.

Silk Street (秀水街) is now well-known for internet hosting international presidents and dignitaries during official visits, and it remains a must-visit shopping landmark for worldwide tourists coming to Beijing. Besides electronics, you’ll also discover knockoffs of luxury watches, handbags, sneakers, clothes, equipment, perfumes, and cosmetics. Replica Bags is a well-known online retailer to provide duplicate Plasticbagsforyou Bags and Shoes for reasonable value, 100% Genuine Leather. Shop the latest Plasticbagsforyou bags and shoes handpicked by a world community of unbiased trendsetters and stylists. Is made carefully, with standard materials, good fittings, and that very “inner chic” you’re feeling as soon as you pick it up.

All that is to keep away from the trade and commerce department bursting into the inspection. Sanyuanli is in the north of Guangzhou city, which is considered one of the busiest arteries of north-south traffic in Guangzhou. Louis Vuitton dust baggage are simple and could be either an envelope or drawstring fashion. They will all the time be a delicate tan or beige shade with the signature “LV” or “Louis Vuitton” logo in the center. The mud cowl will also be manufactured from 100% cotton and have a label indicating it was made in either Spain or India. Even the rivets must be stamped with the total “Louis Vuitton” logo.

Hermès replicas luggage are a replica of their authentic counterparts which are sometimes offered at a fraction of the cost. Replica baggage make the Hermès expertise extra attainable for a wider vary of buyers. I actually have experience purchasing for them, and wished to create this guide to assist you know exactly what to look for when shopping for one. We’ll cowl every thing from the basics such as what a Hermès reproduction bag is, to where you should buy one of the best ones. Buying replicas is my method of saying no to this overpriced luxurious tradition. It’s like somewhat victory dance each time I snag a beautiful duplicate – the same style, a fraction of the cost.

This is where high-quality duplicate luggage come into play, providing an inexpensive alternative that permits you to benefit from the luxury aesthetic without emptying your checking account. But how are you going to make sure the reproduction luggage you’re eyeing is value your money? In this submit, we’ll dive into the artwork of choosing high-quality replica luggage and the method to spot genuine high quality in luxurious copies.

But past that, it’s the unique atmosphere of Karama that stands out. The sellers are passionate, the consumers are enthusiastic, and there’s a shared pleasure to find a classy merchandise that doesn’t empty your wallet. Since its drop, celebrities, TikTokers and trend critics have weighed in on the viral knockoff, with many bravely popping out as Birkin haters. The democratisation of knowledge and client power through social media has played an enormous half on this. Platforms like TikTok and Reddit are crammed with conversations that problem the trade’s value proposition, which has made it so much harder for luxury manufacturers to manage their narrative.

As the new releases sell out rapidly, it’d be clever to select and place your order on the earliest. Below you can find a value guide for Hermès bags (both authentic and replica). I actually have solely given my knowledge of pricing on superfake Hermès bags since those are the one sort of Hermès duplicate baggage I personally store for. So keep in mind yow will discover cheaper replicas on the market however that comes at the cost of precision and accuracy (which I am personally a stickler for as a twin authentic/replica designer bag lover). If a vendor offers you a designer purse for a worth that’s too low for a designer purse, then immediately refuse as it will be a replica or a low-quality knock-off designer purse.

To consider a duplicate’s high quality, take a while measuring it against specifications supplied by Hermes. A high-quality reproduction should carefully resemble these specifications in order to replicate accurately the original bag’s design and proportions. Defining reproduction Hermes luggage is crucial when seeking luxurious on a budget.

The rise of reproduction luxury bags reveals no signal of slowing down. While some consumers favor to spend money on authentic luxurious, many opt for replicas to attain the same type at a fraction of the fee. By paying consideration to materials, craftsmanship, and particulars, you should purchase a high-quality reproduction that looks and feels as near the real thing as attainable. Whether you’re a die-hard fashionista or want to elevate your style with out the luxury price tag, understanding what makes a good duplicate will make all of the distinction in your purse game. When shopping at our online retailer, we assure that our Louis Vuitton replicas are virtually indistinguishable from the authentic baggage. We use genuine leather and high-quality materials to make sure the identical look and feel as the original bags.

As the name suggests Louisbag offers with ALL louis vuitton merchandise. One of the biggest reproduction luggage sellers on Dhgate is Handbagstore888. In my expertise, understanding the right seller can reduce your looking out time looking for the best designer inspired purses.

Their customer service is above average, with fast and consistent order processing. They most probably have anything their clients are seeking for. This article is dedicated to you if you have been searching for wholesale replica vendors. The further pockets are nice for storage, and the thermal, windproof, and water-repellent features make it good for various weather conditions. I’ve worn them to the office and for informal weekend outings, they usually work perfectly for both.

If you need to buy a luxury designer bag, type sourcing may help you get a direct supply from factories. Entry-level luxurious leather-based items, the overwhelming majority of the leather used in the current leather market can be found simply. And most of these brands used machine sewing, and the obstacles to production aren’t notably excessive. Unless the bag may be very classic, this code should all the time be current and make sense.

The interesting factor about this website is that it doesn’t instantly give you low-cost patrons, however only provides you entry to a wholesale or buying channel. Alibaba is probably one of the websites that may allow you to buy wholesale imitation products. Because they offer a small MOQ fake bags, they’re truly primarily an internet comparator for wholesalers and retailers. Don’t buy a faux bag that’s being passed off as a Hermès Birkin, label and all, just because of TikTok. And please do not go round with a counterfeit Birkin saying, “Look at my Hermès bag,” when it isn’t, actually, Hermès. When you purchase a resale or a new authentic item, you’ve the option to promote it.

When it involves dupes, this Tory Burch bucket bag does a pretty unimaginable job appearance-wise. Through a shocking pin tuck quilting method, this bag includes a beautiful exterior sample that ends in a glance just like Chanel, with added texture. While details for each of these types do differ, they provide a similar basic look when styled with the outfit of your selection, adding sophistication, performance, and a soft edge to your ensemble. Also together with a front flap secured by a turn-lock closure, this bag comes with each gold-toned hardware detailing and a chain-link and leather-based strap.

So watch out and check the product description completely before making a purchase order. Global Sources website is a renowned online wholesale marketplace that deals in high-quality products. Some of the suppliers on this web site additionally deal in branded duplicate luggage and offer good charges for retailers on bulk purchases. This website has 1000’s of suppliers that deal in leather merchandise, including pretend designer and replica luggage. Made-in-China is suitable for shoppers in search of bulk portions.

This topic is quite complicated and deserves a separate dialogue, but it’s essential to note the distinction between creating something comparable and outright copying and claiming it as an original. By opting to not buy designer knock-offs, you’re standing towards intellectual property theft and respecting the artistic efforts of the designers and brands. And don’t overlook the potential of legal bother; possession of counterfeit goods can result in fines or legal repercussions.

Replica manufacturers who make super fakes normally use the very same production method as genuine style houses (e.g. making bags by hand). Farfetch is doubtless considered one of the luxurious e-commerce forces that introduced pre-owned items again to the forefront of style. 1stdibs, a mega destination for antique furniture, jewelry, artwork, and style, can really feel somewhat daunting at first. Think of this online marketplace because the middleman between you and vetted shops and galleries around the globe. Treat it as a one-stop vacation spot for that Roly Poly chair you’ve been eyeing on Instagram, authentic classic trend in incredible situation, and designer bags at each price point. Whether you’re working, touring, or buying, the Louis Vuitton On The Go bag is the perfect companion for each occasion.

These baggage do not have the sturdiness of a higher-end bag and are sometimes from disreputable sources. The Golden Goose Sneakers are a cult-favorite, featuring premium distressed leather, a unique star logo, and an effortlessly cool, worn-in look. The Vintage Havana designer dupe offers a similar star-accented design and pre-scuffed aesthetic, making it a classy and budget-friendly choice. The Cartier Love Ring is a timeless luxurious piece, matching it’s bracelet with its signature screw design. The different from Walmart captures the identical modern, minimalist look, making it an inexpensive approach to obtain the designer-inspired type. The Longchamp Le Pliage Tote is thought for its lightweight, waterproof nylon, sleek leather trim, and foldable design.

But as quickly as I realized that reproduction baggage these days have impeccable quality I don’t see the good thing about paying extra. Plus, if you’re new to this, it can be tricky to spot high-quality replicas, and also you would possibly end up with something that’s not so nice. Replica baggage attempt to copy the look and magnificence of designer baggage, they’re bought as imitations, so consumers know they’re not authentic. We Professional Replicas Bags and Shoes Online Shop only promote high quality and brand new Replica Bags and Shoes porducts for both men and women! A good designer purse is practical sufficient to actually be used, and what’s more sensible than a roomy tote bag? Tory Burch’s Ever-Ready Zip Tote is an excellent instance of luxury meets performance.

Walmart provides affordable dupes with comparable sturdy nylon construction and collapsible features, offering a practical and classy choice. The YSL Crossbody is made of high-quality leather, a glossy structured design, and the iconic YSL emblem. This designer dupe from Walmart captures an analogous compact silhouette with a classy finish, providing a budget-friendly possibility.

It’s like discovering designer treasures without emptying your wallet! Over the years, I’ve morphed from a curious shopper right into a savvy connoisseur. After working with completely different sellers and studying more concerning the industry, I can say that replica bags aren’t made with baby labor. They’re produced by reliable employees in manufacturing facility settings, similar to common merchandise.

Even the little issues inside like labels, serial numbers, and model logos are meticulously copied. Neutral colours are easier to match and are sometimes replicated nicely. Bright or unusual colors usually tend to have colour differences. Replicas of types that aren’t in demand or are very new normally less accurate. It’s okay to go for these if you’re not in an urban space so the folks right here aren’t scrutinizing your stuff like they would be in an enormous metropolis. They use considerably higher supplies, and so they pay more consideration to the little particulars.

When purchasing for replicas make sure that you are buying from a acknowledged seller who others have vouched for, and have already confirmed the quality of. Read evaluations on blogs corresponding to The Rep Salad, and take part in online communities like Reddit’s LuxuryReps to study from the experience of others as nicely as their recommendations. It’s not simply concerning the luggage or the brands; it’s concerning the power, the folks, and the tales that fill every nook. When you’re there, looking for that perfect replica, you’re not just shopping for a product. For these within the know, Karama Market in Dubai for fake bags provides a secret past regular stalls and shows.

It did not even have the right handle—a flat deal with as an alternative of a regular rolled deal with, which instantly raised a major purple flag. It also had a leather-based grain that I’ve by no means seen on a Hermès bag in my complete life. If I look at these Chinese versions of these luggage — and that is where my job expertise comes in — I can tell the Chinese TikTokers’ variations are pretend at a look. Bowling baggage are all the craze this season – especially those with extra-long straps. We’re struggling to inform the distinction between this sub-£40 option from M&S replica bags, and the iconic Alaïa Le Teckel Bag. If you do want to put money into the designer type itself, we’ve additionally included hyperlinks to the originals, too.

We offer movies and close-up images for verification before buy. Designer purses may have luxury price tags, however these inexpensive dupes allow you to get pleasure from high-end type with out the splurge. The Burberry Freya Tote is a sophisticated piece that features the brand’s iconic checkered pattern and impeccable craftsmanship. Made from premium supplies, it’s designed to face up to daily wear while maintaining its luxurious attraction. However, with a price tag of around £1,300, this bag is actually an investment.

Heart Tag Necklace is an iconic piece, crafted from high-quality sterling silver with the brand’s signature engraving, exuding timeless magnificence. This different replicates the basic heart pendant and chain design, starkingly just like it’s designer counterpart. The Chloé Woody Tote is a designer favourite with its signature emblem straps and effortless, minimalist fashion. The Walmart designer dupe provides the identical casual yet refined tote look with a gold lock. The Louis Vuitton Speedy is a small rectangular handbag acknowledged for its iconic monogram canvas, rounded form, and top-handle design. These checkered designer dupes have related silhouettes and useful designs, offering a classy and budget-friendly option.

I’ve also seen freaking beauty baggage (the ones you get as a free present with perfume or make-up purchase) listed as if it was the posh brand common purse. I suppose they only obtain too many issues to have the time needed to do it right. It’s clear that the old model of luxury has been disrupted, and it’s now not nearly worth anymore. In the battle between heritage and value, shoppers are asking extra questions—and luxurious manufacturers should have higher answers. And if they don’t, there’s a whole business on the sidelines who do.

Apart from handbags, you can also find a vast collection of designer clothes, shoes, and equipment. Quality designer duplicate handbags are very near real designer baggage such that style fanatics are proud to own a few. In our society, luxurious items such as designer purses, designer sneakers, and designer equipment are extremely coveted by many.

One of the numerous reasons to purchase pretend designer bags from China is its low manufacturing price. The labor in China is low, which provides competitive pricing on bulk orders, making it a worthwhile opportunity for retailers. All fashionistas will understand that present kinds change fast, and it’s not at all times affordable to spend 1000’s of dollars on a brand new designer every time. With high-quality Gucci replica choices, you get the liberty to discover trend fearlessly.

Resultantly, replica bags obtained are often not up to mark due to improper negotiations and instruction steerage. They can merely go to the manufacturing facility and get the identical high-quality uncooked material utilized in authentic baggage, similar to leather for Louis Viton and Channel. Featuring an analogous rectangular silhouette, the leather tote is much like a Birkin in many ways, together with the belt-like fastening, gold hardware, and flap closure. However, the Hamilton Legacy is not quite as easy as the classical Hermès bag, showcasing added details such as a gold chain and leather facet ties.

Not only does this bear a close resemblance to the Chanel bag, but it’s a trendy bag in and of itself too. A tweed handbag makes a wonderful accessory and this various is a great choice. Though the hardware isn’t the identical as the unique, you get the identical essence of this purse with the tweed material, rectangle form, and chain strap. This type of bag could be worn running errands on the weekend, touring, and even along with your basic trench coat. The various is made from vegan leather but nonetheless boasts the roomy dimension and decorative pendant.

We sell unique products that may make you stand out from the crowd. I even have you covered—check out my style content for extra dupe shopping guides. Walmart provides the proper duffel dupe with the identical checkered design, measurement, and an adjustable strap with a red define. This Michael Kors Emilia Pebbled Leather satchel is a less expensive various to the bag above and a great everyday bag to carry all your necessities. It opens up to reveal a spacious inside with a middle zip pocket for simple organization. It also has an optionally available crossbody strap and can be accessorized with a colorful scarf.

This grade replica bag’s advantage is that the value and quality are simply acceptable to most consumers. Furthermore, it’s advisable to learn critiques and suggestions from earlier customers when buying replica baggage on-line. This will provide you with an idea of the seller’s status and the general satisfaction of their prospects. Gucci reproduction bags are also extremely sought after, with their signature GG emblem and stylish designs. From the classic Dionysus to the fashionable Marmont, Gucci replicas offer a glamorous and trendy statement piece.

Also available in a nude colour, good for all of your traditional looks. I’d style these with white tapered trousers and a blazer for work. (See what I did there) This bag is a useless ringer for the Prada Re-Nylon! It’s so spacious, you would most likely fit a small country in there.

For Birkin, they only use the best leather—genuine, high-quality, and long-lasting, whether it’s calf or one thing more unique. On the opposite hand, Birkin knockoffs are sometimes produced from synthetic leather-based. Fake Birkin bags usually have low-quality dyes, so the colours can come off wanting boring or mistaken. The SAs would have by no means suspected the baggage they thought have been coming from Hermes to their boutique would be anything aside from authentic so what do they see? Allegedly, it seems this person, over the course of 8 or so years, swapped out some auth Birkins and Kellys for replicas earlier than sending them out to boutiques to be sold to unsuspecting customers.

With a reproduction, you’re buying an imitation lacking the innovation, exclusivity, and authenticity that makes high-end trend unique. While designer luggage use high-quality leather, material and hardware, replicated luggage typically use lower high quality materials, fake leather and plated or plastic hardware. A high-end designer purse, when cared for correctly, can last decades.

Below you will see photos of duplicate Hermès luggage I really purchased – one of which isn’t so nice (a Kelly replica) while the other is a surprising handmade replica Birkin bag. Authentic Hermès luggage aren’t only costly but in addition notoriously troublesome to amass. Waiting lists can stretch on for years, and there’s no guarantee of ultimately getting the exact design or material you desire. You can determine the quality of the fabric by just working a hand over to see if the fabric is gentle, easy, and thick, which proves that it’s genuine. Or if you really feel that the fabric is skinny, crusty, and just all over weak, then you would know it is both a reproduction purse or a designer knockoff handbag.

If you come across a bag with a mix of gold and silver hardware or hardware that isn’t gold or silver at all, there’s a good chance it’s a Prada dupe. Also, genuine leather has a pleasant earthy odor, while faux leather usually has a harsh chemical odor. One factor to watch out for on faux luggage is if they say “Milan” as an alternative of “Milano” on the within plaque. Inside a Prada bag, the emblem plaque ought to be rectangular, not like the triangle one on the outside. If it’s a real Prada, this plaque will have rounded corners and be well hooked up to the bag.

I hit up my duplicate luggage vendor and positioned an order instantly. Counterfeit luxury handbags have become a social media phenomenon. Instead of cheaply made knockoffs, the most recent crop of counterfeit handbags, generally identified as “superfakes,” appears very comparable to the genuine luxurious merchandise. When you choose pre-owned, you’re selecting authenticity, sustainability, and a deeper connection to fashion’s most iconic houses. Counterfeit purses might attempt to copy the look, however they’ll by no means carry the spirit. A pre-owned bag gives you that very same high — pride in your buy, respect for craftsmanship, and alignment with your values.

Not only as an various selection to the authentic one, but in addition as an different alternative to worse quality of the same price for non-replicas. When I stopped to suppose about it, I was like wait what, $5,000!!!! Fake designer bags are made from low-cost PU leather or flimsy plastics. Instead of buying 5 replicas, spend money on one genuine pre-owned traditional. Because a fake may fool the eye — but only the true thing feeds your soul. So when counterfeiters try and mimic these masterpieces with subpar materials and zero respect for the brands’ values, it’s not simply theft — it’s downright disrespectful.

“Sometimes the bags are made [off hours] in factories that produce legitimate purses by day,” Harris informed The Post. From Chanel purses to Gucci belts, and Louis Vuitton baggage, scarfs, shoes, boots, and sunglasses — any high-end designer imitation you’ll have the ability to think about dolabuy.edu.kg, you will probably discover it there within the open air. These objects may look very similar but not essentially precisely the same. That’s as a outcome of mental property legal guidelines only defend some kinds of designs similar to designer logos. These legal guidelines nonetheless do not shield the form of say a gown or a handbag. Designer dupes nevertheless are not to be confused with counterfeit items.

We provide safe payment choices like PayPal, guaranteeing that your transactions are all the time protected whilst you take pleasure in a seamless purchasing expertise. If you’re in search of the proper summer time accessory, this new Fendi bucket bag may be for you. This bucket bag blends straw and gold hardware for a singular, understated look. Refresh your type with BaseReps iconic reps sneakers, a blend of favor, comfort, and high quality craftsmanship. Get able to witness the rise of the must-have bag that can quickly dominate the scene.

Authentic Hermès baggage are made from either gold plated brass (called GHW for short) or from palladium (called PHW for short). For Hermès luggage with gold hardware 18-karat gold plating is typically used, however it could be very important note that some rarer types may actually include pure gold plated hardware. If the bag you are buying will be customized made or handmade then you must additionally take note that it’ll take time on your bag to be completed.

Now that you’ve learned all of the sources to purchase pretend designer luggage, it’s time to differentiate between numerous classes of replica luggage. ‘Replicas Store’ makes a speciality of offering a high-end number of reproduction designer bags. The brand replicas that yow will discover right here include Chanel, Louis Vuitton, Gucci, Dior, Hermes, Fendi, and Celine. The prices of these fake designer luggage range from 150$ to 600$. When we say China is the leading supply of buying pretend designer bags, we imply it.

They promote a variety of bags inspired from Louis Vuitton, Gucci, Prada, Givenchy, Chanel amongst others. There are all sorts of causes to store for designer purses on secondary markets, from big savings to saving the planet. But you’re employed hard for your cash, and even second-hand designer purses are an funding. So all the time look intently at any bag you’re contemplating earlier than you shell out your hard-earned cash. If it is obtainable from a road vendor or at a neighborhood flea market, there’s a good chance it is not actual.

I have a whole publish devoted to Shein shopping suggestions in addition to a VERY detailed Shein evaluation publish. It has a main interior pocket and enough room for a 15.6-inch laptop inside, along with a separate document pocket, 2 pen pockets, and 2 interior open item pockets. It also is available in 5 other color options if you’re not a fan of this one. In terms of ornament, this bag also options gold-tone hardware.

Though counterfeit replica merchandise lurk mostly on Internet public sale sites, corporations such as eBay are presently making a more pronounced effort to discourage counterfeit merchandise from being bought. They go hand in hand because if one thing is popular enough, many people will want it! As Oscar Wilde once mentioned, “imitation is the sincerest form of flattery”. In the case of replica baggage, this rings very true since top duplicate producers will search to actually imitate authentic designer luggage as closely as possible.

Buyers should not trouble with them as they’re the bait bags which are generally poorer high quality. On the bait baggage, the logos have been modified so the handbag doesn’t appear to be copying a sure designer model. With the right contacts and social-media accounts, anybody can get a pretend bag, but entry to high-quality replicas is becoming more rarefied. RepLadies has, for some months now, been splintering into personal social channels, where the savviest duplicate consumers seem to spend most of their time. Here, they can entry extra unique aspects of the rep world, like its huge secondhand market and top-tier Hermès sellers, and even make customized orders with a manufacturing facility. These gimlet-eyed assessments often reveal the reps as indistinguishable from the authentics.

To assess the quality of a reproduction, fastidiously study the logo and model markings. The emblem must be clear, well-defined, and precisely represent the brand. Pay shut consideration to the font, spacing, and alignment of the emblem, guaranteeing it closely resembles the original. Similarly, scrutinize the model markings, corresponding to stamps or engravings, for precision and a focus to element.

High-quality leather could have a pure leather-based perfume, while low-quality replicas might have a pungent chemical or plastic scent. The difference in odor can usually directly reflect the quality of the materials used. If you odor a robust chemical odor, it normally indicates that low-quality synthetic supplies have been used. 6.WeChat Merchants on Social Platforms (through WeChat, QQ, and so on.)Buyers can obtain personalized luxury replicas by instantly contacting them.

Ms Flowdea has more than 200 actual Hermès purses, which she has collected by progressively constructing relationships with boutiques in cities around the globe. The market features on the United States government’s record of “notorious markets” for counterfeit products. Some younger fashionistas are seeking out breathtakingly expensive purses. But they do not appear to be simply standing symbols — they may also be a savvy investment. ShopStyle is the premier trend and way of life purchasing platform that allows you to browse, explore, and discover exactly what you’re searching for in one handy location. Their objective is to provide the best quality reproduction of streetwear trend at the most reasonably priced value.

This small shoulder bag is a chic and compact satchel that gains its luxurious appears from the strikingly stunning hardware. But for its heavy value, this is an irresistible model from Chloe to modern prospects. Made of canvas cotton, the style bag has a no zipper closure. A great reward for Christmas, Valentine’s Day, Mother’s day and Easter, this shoulder bag will suit any woman you admire. Whether you want to personal it or present it to someone, it is a greatest value purchase because of its affordable price tag while providing an impeccable imitation of the luxury tote.

However, for those in search of luxury on a price range, it is important to remember of the growing market of high-quality duplicate Hermes baggage. The factories purchase authentic designer luggage and measure every a half of the bags accurately. After that, they’ll produce reproduction baggage completely primarily based on the genuine ones.

By opting for a Louis Vuitton replica bag, fashion fanatics can benefit from the luxurious and style of an authentic bag at a more affordable price. These duplicate bags enable individuals to elevate their fashion recreation with out compromising on quality or style. You can find all of the traditional types of aaa reproduction luggage in AAA purse, including faux Gucci Marmont shoulder bag, Chanel flap bag, boy channel bag, and lady Dior. If you can’t discover the pretend bag you need, or you nonetheless have issues with the pretend bags, please be at liberty to contact us, and We will do our greatest to solve your issues. Ohmyhandbags is an online web site promoting many designers’ highest-quality replicas.

While the ethical considerations are vital, many individuals are drawn to duplicate baggage for personal expression. Fashion is a form of self-expression, and replicas allow people to experiment with kinds that might be out of reach financially. For some, owning a replica will allow them to embrace tendencies and showcase their style without the constraints of a hefty price tag. One such celebrity is Kim Kardashian West, who has been photographed with various reproduction bags from totally different luxury brands. She understands that these replicas are a wonderful method to achieve a high-end look with out breaking the financial institution. Similarly, fashion icon Rihanna has been seen rocking duplicate bags that completely mimic the unique designs.

Sure, the appeal of getting something that looks like a luxury item without the posh price ticket is thrilling. But remember to step again and respect the work that’s gone into it. Those fake bags in Karama Market Dubai didn’t simply appear; somebody put effort and time into making them look pretty a lot as good as they do. It’s all concerning the thrill of discovering that good luxury lookalike at a fraction of the price. So whether or not you’re a curious traveller or a neighborhood on the hunt for a brand new accent, Karama Market’s faux bags collection guarantees an journey you’ll bear in mind.

Feyre had advised patrons that she was located in Turkey and claimed that as a end result of it was close to Europe, all of the leather used to make the baggage got here from France or Italy. After an extended wait, when the customer acquired the package deal, it was clear at a glance that it was low-quality. I find duplicate items to be cheaper in worth than the “average” gadgets, but larger in high quality than what I could get with the identical amount of money! With replicas, I get insanely good quality for a fraction of the price.

As one of the main duplicate bag retailers on the earth, our firm at Replica Bags could not ignore Saint Laurent and his magnificent masterpieces. Our rave critiques are like the quote-on-quote; and with our authorized wholesale marketplace, you can store with peace of thoughts, knowing you are not being conned. With replicas, you don’t have to fret as a lot about damaging or shedding an expensive bag whenever you travel or use it every single day. From the design and measurement to the shape and special features, every thing is copied so accurately that these bags look almost equivalent to the originals. These replicas use materials that are super near what you’d discover on the originals.

After an expert purchases the real bag, then send it to the manufacturing unit for mould mapping and plate making, hardware precision can also be given to the professional hardware grasp to set the mould. Layers of gatekeeping, and quality management in all features are the method. The top-grade is the most highly effective Guangzhou high imitation bags in the marketplace, the producers of such imitation luggage are few and such high quality sources are exhausting to search out. Also, many other vendors hid within the residential buildings subsequent to the Baiyun leather items city. As most of those stores promoting high imitation leather-based baggage are hidden and often not open. If you did not guide by someone familiar with them, their place can’t be discovered and you cannot enter.

Plus, it features 14K gold carat hardware, which supplies this bag a luxe end. Buying a Hermès Birkin bag isn’t as simple as buying designer purses from Louis Vuitton. No matter how a lot money you’ve on your credit card, you can’t walk into Hermès stores and decide up a Hermes purse. Perhaps probably the most iconic designer bag, the Birkin is the epitome of luxurious, celebrated for its timeless design, craftsmanship, and exclusivity. Although it retails at an eyewatering £9,000, the low provide and high demand for this bag has driven costs up to unbelievable numbers, with purchasers typically keen to pay six figures or extra. They sell replica shirts, sneakers, and baggage to men, women, and youngsters, including plus-size people, at really low costs.

If you run your finger inside the place the straps slide and it feels rough or sharp, likelihood is it’s a Birkin dupe. Hermès wouldn’t let something out that could snag or harm the leather. Also, when you look carefully at the blind stamp on the sangles, the faux has it stamped too deeply, prefer it was accomplished by a machine. On an genuine Birkin, the pearling is tightly pressed into the leather floor, and VERY close to the stitching.

By carefully analyzing these elements, buyers could make an informed decision in regards to the quality of the duplicate bag they are buying. In the world of luxurious trend, Hermes stands out as an iconic model synonymous with class, craftsmanship, and status. Owning a genuine Hermes bag is a dream for many fashion lovers. However, the hefty price ticket connected to these beautiful creations usually makes them unattainable for many.

The know-how used to create superfake handbags has improved dramatically over the past decade. It is now widespread for duplicate manufacturers to use laser-guided machines and precise stitching techniques that closely mimic the genuine craftsmanship of high-end designer luggage. For instance reproduction birkin luggage are sometimes sourced from factories that provide genuine luxury manufacturers, meaning the buckles, zippers, and clasps are practically identical to those on the original gadgets. Another issue to contemplate is the worth and value of the reproduction bag.

More… let’s say, mundane, in a good way, because it’s completely reliable. This as-told-to essay is predicated on a conversation with Koyaana Redstar, the top of luxury shopping for at Luxe Du Jour, an internet luxury boutique for vintage designer purses. Sleek, sophisticated, and timeless—YSL purses are a must for any luxurious lover.

I clearly remember that for months, I had been looking for one of the best supplier for my Super Hermès. Thanks to the weblog commenter who let us know their site has modified. In this information, we’ll break down every grade in simple terms, evaluate their options, and assist you to resolve which one is best for your price range and desires.

From analyzing the grading system of replicas to understanding the growing recognition of superfake bags, we will cover every little thing you have to know. As such it is rather likely that there shall be minor variations even in case you are shopping for high quality replicas or super fakes. Now these minor variations could additionally be very troublesome to identify however they’ll nonetheless exist. This list highlights tried & true sellers for numerous designer duplicate products and brands.

This is a bit trickier when you’re purchasing second-hand, but it’s a good sign if it has the authenticity paperwork with it. In a way, shopping for replicas contributes to the assist of such false markets and thereby can embody unethical treatment of staff. On the other hand, the supporters of reproduction items state that imitations increase the design reach of higher trend to the overall populace. When prospects place an order in your retailer, you would possibly be free from the hassle of logistics services.

Then the boss too will stash them, spreading the acquisition across sites within the city. That New York City is loaded with small residences and blessed with many storage spaces is a plus for the counterfeit peddlers. A boss who manages the street sellers will pay the wholesaler $35 to $40 dollars per bag, in accordance with Harris.

So now, the query that arises is the way to fulfill one’s need to own a bag that spells class and sophistication? You can select from a extensive variety of replica bags available in the market at present, with quite a few web sites offering spin-offs of branded baggage at reasonably priced costs. Given that our accessories, particularly handbags, are actually a personal assertion of favor, our alternative undoubtedly shouldn’t be taken lightly. Gucci is one of the most popular brands, and for individuals who can not afford the actual thing, there are some glorious, high-quality Gucci duplicate purses to choose from. We all know eBay and the way we will discover amazing deals on this multinational e-commerce platform.

They should ask resellers for hard proof that the bag is actual. Some “super fakes” can cost lots of of dollars and be well well price the excessive price as properly. Of course, shopping for in-person is always the easiest way to find out high quality, as the really feel and appear of a bag isn’t truly discernible from photos.

Visit the website for more directions and 24/7 available customer support to filter any queries. Also, the stitching is superb and exact which holds the bag together with robust and thick threads. The stitching in the replicas is also weak as the threads aren’t robust enough and tend to poke out after a few uses. For instance, Prada is normally spelled as Prada which is tough to point out due to the font or the design but it can be identified when you take observe of it.

William Lasry, founder of Glass Factory, is working to alter that. Add their proliferation on social media into that mix, and the dupe culture has been normalised in ways in which “knock-offs” from Canal Street by no means were, she says. This dimension 35 keepall is the final word trendy travel companion. If you’re a real Louis Vuitton enthusiast, you’ll want to grab this quickly from Walmart—these are flying off the cabinets.

Duplicate Luggage It has first copies of purses from all the leading style manufacturers and newer merchandise are frequently added to depart buyers spoilt for selections. The on-line retailer has a wonderful assist group as nicely that can assist you by way of the buying process. Moreover, it also has a beneficiant returns coverage, not…

Mini Shell

Entry-level luxurious leather-based items

Leave a Reply Cancel reply