Warning: Missing argument 2 for wpdb::prepare()

I upgraded to WordPress 3.5 two days ago. I don’t use many plugins, and GoDaddy assures me my plugins are working correctly. However, I’m getting this error message on my blog posts for the first time ever.

Can you please help me resolve this?

Warning: Missing argument 2 for wpdb::prepare(), called in /home/content/52/8331652/html/wp-content/themes/chateau-2.0/functions.php on line 91 and defined in /home/content/52/8331652/html/wp-includes/wp-db.php on line 990

Here is one of the pages that has this problem on the right side of the screen at the top of the post.

Thanks for any insight you can provide.

5 comments

  1. WordPress 3.5 had some major changes made to reduce certain security risks, such as SQL Injection. The wpdb::prepare method was being used insecurely as plug-in developers were sending complete queries instead of separating out the arguments. This meant that the ‘prepared’ statements were not prepared, and were actually passing parameters into the query directly, which is a security no-no. As of 3.5, this method now takes three arguments.

    To counter your immediate issue, edit your php.ini file, find the line for error_reporting and change it to the following…

    error_reporting = E_ALL & ~(E_NOTICE|E_WARNING)
    

    Restart your server.

    This will prevent all minor script errors from being reported.

    Alternatively, send errors to a log file. In php.ini, find this line (uncomment it), and change it to…

    error_log = "/path/to/php-error.log"
    

    That will prevent errors from being displayed on your web site. Instead they will be written to a log that only you can see.

    If this error bothers you, you could attempt to have the rogue plug-in use dummy values. We can see that the wpdb::prepare method takes three arguments…

    $wpdb->query( 
        $wpdb->prepare( 
            "
                DELETE FROM $wpdb->postmeta
                WHERE post_id = %d
                AND meta_key = %s
            ",
            13, 'stack overflow' 
        )
    );
    

    By making the affected plug-in send a null as the second and third argument in the method, it will fix the problem completely.

  2. I was also facing the same problem.
    I added this code to my wp-config.php file.

    @ini_set('display_errors', 0);
    

    Then I was very happy, there was no warning message again.

  3. It occurs because

    $wpdb->prepare must be executed with a parameter.

    Do you not have parameters?

    Then, an alternative:

    Add WHERE to query:

    $sql = "SELECT * FROM TB_YOUR_TABLE WHERE %d AND ...";
    

    Magic Key = WHERE %d must be true

    And include a true parameter:

    $results = $wpdb->get_results( 
                  $wpdb->prepare($sql,1) 
               );   
    

    1 is true for MySQL

    Hope it helps!
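
The call pattern that triggers this warning, next to the placeholder form wpdb::prepare() expects, as an added example (not code from this thread or from the Chateau theme). The function names and the 'views' meta key are hypothetical, and the code assumes it runs inside WordPress, where the global $wpdb exists:

```php
<?php
// Added example; the example_* function names and the 'views' meta key are
// hypothetical. Assumes a WordPress context where the global $wpdb is defined.

// Before: the complete query, value included, is the only argument.
// WordPress 3.5 reports "Missing argument 2 for wpdb::prepare()" for this call,
// and $post_id is placed into the SQL text without any escaping.
function example_view_count_unsafe( $post_id ) {
    global $wpdb;
    return $wpdb->get_var( $wpdb->prepare(
        "SELECT meta_value FROM $wpdb->postmeta
         WHERE post_id = $post_id AND meta_key = 'views'"
    ) );
}

// After: placeholders in the query text, values passed as separate arguments.
// %d forces an integer; %s is escaped and quoted by prepare(), so the
// placeholder is written without quotes around it.
function example_view_count( $post_id, $meta_key = 'views' ) {
    global $wpdb;
    return $wpdb->get_var( $wpdb->prepare(
        "SELECT meta_value FROM $wpdb->postmeta
         WHERE post_id = %d AND meta_key = %s",
        $post_id,
        $meta_key
    ) );
}

// A query with no variable parts has nothing to prepare, so it can be
// passed to the query method directly.
function example_published_count() {
    global $wpdb;
    return (int) $wpdb->get_var(
        "SELECT COUNT(*) FROM $wpdb->posts WHERE post_status = 'publish'"
    );
}
```

Searching the theme and plugin directories for `prepare(` calls that pass a single argument is a quick way to locate every call site that needs the "after" form.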