• Resolved WPOldSkool

    (@wpoldskool)


Been running 3.1 Multi Site for a while and came across this whilst developing a plugin on my local host server.

    $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->$ossf_quotes WHERE user_email = '$ossf_email' " ));

Realise it could be a problem already solved but if not...

Viewing 3 replies - 1 through 3 (of 3 total)
  • As of right now, your query is insecure, and if $ossf_email comes from input, it’s vulnerable to SQL injection. Wrapping something in prepare isn’t enough, you need to actually prepare it.

    $wpdb->prepare( "DELETE FROM $wpdb->$ossf_quotes WHERE user_email = %s", $ossf_email );

    If I had to guess, your issue has to do with $wpdb->$ossf_quotes, but this isn’t a core issue. I’d check each instance of $wpdb and make sure you’re using them properly.
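    Added example (not code from the thread or from WordPress): a stand-alone PHP script that shows the prepared-statement fix from the reply above beside the unsafe string-building, and why the table name should live in a plain string variable. It assumes a minimal stand-in class for $wpdb so it runs outside WordPress; the real wpdb::prepare() escapes %s arguments with esc_sql() and adds the surrounding quotes itself, which the stand-in imitates with addslashes(). The table name `ossf_quotes` and the sample e-mail address are constructed for the example. One point worth knowing: inside a double-quoted string, PHP does not treat `$wpdb->$ossf_quotes` as a property access; it interpolates `$wpdb` on its own, which is exactly what produces "Object of class wpdb could not be converted to string", so build the full table name first and interpolate that.

```php
<?php
// Added example, not from the thread. Stand-in for WordPress's $wpdb so the
// script runs on plain PHP; real wpdb::prepare() uses esc_sql() for %s and
// wraps the value in quotes for you (never write '%s' yourself).
class FakeWpdb {
    public $prefix = 'wp_';
    public $last_query = '';

    public function prepare( $query, ...$args ) {
        $escaped = array_map( function ( $a ) {
            return is_string( $a ) ? addslashes( $a ) : $a;
        }, $args );
        $query = str_replace( '%s', "'%s'", $query ); // wpdb adds the quotes
        return vsprintf( $query, $escaped );
    }

    public function query( $sql ) {
        $this->last_query = $sql;
        return 1; // pretend one row was affected
    }
}

// Apply the site prefix exactly once and keep the result as a plain string.
// Interpolating "$wpdb->$ossf_quotes" in a string stringifies $wpdb itself,
// which is the error named in the thread title.
function ossf_quotes_table( $wpdb ) {
    return $wpdb->prefix . 'ossf_quotes';
}

// Unsafe form (the pattern from the first post): user input is pasted into
// the SQL text, so a quote in the value changes the statement's structure.
function ossf_delete_sql_unsafe( $wpdb, $email ) {
    $table = ossf_quotes_table( $wpdb );
    return "DELETE FROM $table WHERE user_email = '$email'";
}

// Hardened form: the value goes through a %s placeholder and is passed as a
// separate argument, so it is escaped and quoted as data, not SQL.
function ossf_delete_quotes_by_email( $wpdb, $email ) {
    $table = ossf_quotes_table( $wpdb );
    $sql   = $wpdb->prepare( "DELETE FROM $table WHERE user_email = %s", $email );
    return $wpdb->query( $sql );
}

$wpdb  = new FakeWpdb();
$email = "o'brien@example.com"; // constructed sample: a legitimate address with a quote

echo "unsafe: ", ossf_delete_sql_unsafe( $wpdb, $email ), "\n";
// -> the stray quote leaves the WHERE clause malformed

ossf_delete_quotes_by_email( $wpdb, $email );
echo "prepared: ", $wpdb->last_query, "\n";
// -> DELETE FROM wp_ossf_quotes WHERE user_email = 'o\'brien@example.com'
```

    Run it with `php example.php`. The same address that breaks the unsafe statement is carried intact through the prepared one, which is the behaviour the reply above is asking for; in a real plugin the table-name helper would take the global `$wpdb` and the stand-in class would not exist.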

    Thread Starter WPOldSkool

    (@wpoldskool)

    Hi Andrew
    Meant to post problem as solved yesterday but got overwhelmed.
    The problem was with the $wpdb as you rightly state but was with me calling the prefix twice inadvertently as it was already called in the $ossf_quotes variable.
    Hope I didn’t waste your time. The security issue is in hand and will be included in the completed code.
    Cheers
    Gareth

    Glad I could help.

  • The topic ‘Object of class wpdb could not be converted to string’ is closed to new replies.