I'm trying replace this shortcode
[RICH_REVIEWS_SHOW category=”all” num=”6″]
with this shortcode
[site_reviews summary count="3" hide="date"] in a wordpress database.
I've tried the plugin "better search and replace" but no luck.
I've also tried using this code via the cpanel.
update wplq_posts set post_content =
replace(post_content,'[RICH_REVIEWS_SHOW category=”all” num=”6″]','[site_reviews summary count="3" hide="date"]');
Initially no matches, if I remove certain parts of the shortcode I get some results. I'm a bit lost as to what will get the job the job done.
Can anyone point me in the right direction.
Thanks in advance.
The SQL in your example is correct.
A likely explanation for the issue is that the double-quotes within the [RICH_REVIEWS_SHOW category=”all” num=”6″] do not match the double quotes used within the shortcode stored in the post_content table.
For example ” vs ″ vs "
I suggest finding a post manually that has this shortcode and copying that that shortcode into the SQL query. Then try again.
Related
I'm trying to update numerous wordpress multisite pages.
I have an ajax script that is posting to a php file where, after the text is formatted, it updates the corresponding table cell.
However, I keep getting the "WordPress database error You have an error in your SQL syntax;" error.
$content = "[shortcode] text processed by shortcode [/shortcode]";
$table = "wp_".$_POST["blogid"]."_posts";
$wpdb->query(" UPDATE {$table} SET post_content={$content} WHERE posts_title='test'");
Is this an issue with the use of square brackets (shortcodes) in the string I wish to use to update the cell?
The syntax seems fine to me, but my SQL knowledge isn't that strong.
In greater detail, I have a mysql query that gets all multisites, then loops through them after making the edits with JS before posting to this php file.
Avoid using string templates directly for query building. You can too-easily include invalid syntax, and since you're reading content directly from the shortcode you're opening your entire database up to SQL-injection attacks. This could give attackers direct access to your database, meaning anyone who can post content could also gain total access to your WordPress.
Always prepare your query first. If you're using $wpdb, the usage is described here: https://developer.wordpress.org/reference/classes/wpdb/prepare/
This will also ensure that the shortcode content you query on is formatted properly.
and thanks in advance for any help. I'm working on fixing all broken links in a massive WordPress multisite database and need some help writing an SQL query to run via PHP MyAdmin. I've searched, but can't the perfect solution...
PROBLEM: We have more than a thousand broken links that start with http:/ instead of http://
CHALLENGE: The following would result in numerous links starting with http:///
UPDATE wp_1_posts
SET post_content = replace (post_content,
'http:/',
'http://');
PROCESS: I want to write a query to SELECT all these links first, so I can review them to ensure I don't do any damage when replacing the text string. Downloading a db dump and doing a manual S&R is not an option since we're talking about a multi-gigabyte database.
I thought something like this would work...
SELECT * FROM wp_1_posts
WHERE post_content LIKE '%http:/%'
AND WHERE post_content NOT LIKE '%http://%'
But that just throws a syntax error. Am I even close?
QUESTION #1: How can I find all instances of "http:/" without returning all "http://" instances in the query results.
QUESTION #2: How might I safely fix all instances of "http:/" without affecting any "http://" strings.
FYI: I'll admit I know just enough about this to be dangerous, and I am not familiar with regular expressions. at. all. That's why I'm turning to you for help. Thanks again!
This should work, in MYSQL:
UPDATE wp_1_posts SET post_content = replace(post_content,'http:/', 'http://')
WHERE post_content REGEXP 'http:/[^/]'
I'm trying to excercise on BadStore, for those who don't know it's a fake online store site which can be run on VM box, and offers a lot of security vulnerabilities.
One thing i'm trying to do is to apply sql injection on the search query.
When searching for "book", for instance, we see this:
So, i'm trying to show all the store items trying to search for 1=1' --, which will result with the query of:
SELECT itemnum, sdesc, ldesc, price FROM itemdb WHERE '1=1' --' IN (itemnum,sdesc,ldesc)
however, this not giving the expected outcome as I get the following error:
Any suggestions?
You realize that -- in MySQL acts as a comment for the rest of the line?
If this is what you are trying to do, commenting out the rest of the line, then as per the MySQL documentation, you need a space after the --.
I understand you are trying out MySQL injection, so try to type your query, and then after the query type ; -- Notice that there IS a trailing space.
TL;DR
Change
'1=1' --' IN
TO
'1=1' -- ' IN
I want to remove the first image of every post of my wordpress blog, so I installed the lib_mysqludf_preg library to use the preg_replace() function that performs a regular expression search and replaces using a PCRE pattern.
Once installed, I have tested it with this line of code to assure that everything works fine:
SELECT PREG_REPLACE('/fox/i' , '' , 'the quick brown fox' ,2 );
The result was as expected, so the installation is OK.
The problem is that I don't know how to use this function to replace the images that are stored in the column 'content_post' (at 'wordpress.wp_posts') for a blank space. I tried this expression:
SELECT PREG_REPLACE('/<img[^>]+\>/i', '', post_content, 1) FROM wordpress.wp_posts;
But this code returns me the whole lists of posts, not only of this database but of the rest of the databases I have installed in my local computer and doesn't replace any single image.
Any idea on what am I doing wrong?
Thanks in advance.
Ok, I've solved the problem. I post the code because it may be of use for someone with a similar doubt.
This is the code I have used:
UPDATE database_name.wp_posts
SET post_content=PREG_REPLACE( '/<img[^>]+\>/i', '' , post_content, 1 );
I am looking for recovering from my local mysql.log file the changes to perform to the production server and I already got the changes using:
^.*(ALTER TABLE).*(ADD|DROP|CHANGE|^AUTO_INCREMENT).*$
.. and I would also catch the CREATE TABLE statement excluding SHOW CREATE TABLE and CREATE TABLE IF NOT EXISTS. So I tried to firstly only avoid the SHOW but I am not succeding using the more intuitive ways in my mind:
^.*(^SHOW)*(CREATE TABLE).*$
^.*(^SHOW CREATE TABLE|CREATE TABLE).*$
Any help is appreciated,
Carmine Iaciofano
Seems negative look aheads and behinds could be used to solve your problem. The following regex should do the job in this case.
(?<!SHOW )(CREATE TABLE)(?! IF)
In this case, it finds any instances of "CREATE TABLE" that is not preceded by "SHOW " or followed by " IF". Note the spaces in the groups.
You can then use
^.*(?<!SHOW )(CREATE TABLE)(?! IF).*
to match the whole line.
You can read up on look aheads and look behinds here.