From 62d5105c5b8044e28c4ce4cf38d23aa9db062a6e Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 16 Apr 2008 18:23:48 +0000
Subject: [PATCH] Fix usermeta escaping. fixes #6750

git-svn-id: http://svn.automattic.com/wordpress/trunk@7696 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/user.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/wp-includes/user.php b/wp-includes/user.php
index 63b5ec500..15da2386a 100644
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -179,17 +179,16 @@ function update_usermeta( $user_id, $meta_key, $meta_value ) {
 if ( is_string($meta_value) ) $meta_value = stripslashes($meta_value);
 $meta_value = maybe_serialize($meta_value);
- $meta_value = $wpdb->escape($meta_value);
 if (empty($meta_value)) {
 return delete_usermeta($user_id, $meta_key);
 }
- $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %d", $user_id, $meta_key) );
+ $cur = $wpdb->get_row( $wpdb->prepare("SELECT * FROM $wpdb->usermeta WHERE user_id = %d AND meta_key = %s", $user_id, $meta_key) );
 if ( !$cur ) {
- $wpdb->query("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
+ $wpdb->query( $wpdb->prepare("INSERT INTO $wpdb->usermeta ( user_id, meta_key, meta_value )
 VALUES
- ( '$user_id', '$meta_key', '$meta_value' )");
+ ( %d, %s, %s )", $user_id, $meta_key, $meta_value) );
 } else if ( $cur->meta_value != $meta_value ) {
 $wpdb->query( $wpdb->prepare("UPDATE $wpdb->usermeta SET meta_value = %s WHERE user_id = %d AND meta_key = %s", $meta_value, $user_id, $meta_key) );
 } else {
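Review bot: The unchanged guard `} else if ( $cur->meta_value != $meta_value ) {` still uses a loose comparison, and with the escape call removed it now compares the raw value; PHP treats two numeric-looking strings such as `0e1` and `0e2` (constructed examples) as equal, so an update between such values is silently skipped and the old row stays in place. That matters for meta that holds hashes or tokens. A string-typed strict comparison, `} else if ( (string) $cur->meta_value !== (string) $meta_value ) {`, avoids it. Separately, `empty($meta_value)` sends a legitimate value of `0` or `'0'` down the `delete_usermeta()` path. The body of update_usermeta starts and ends outside this hunk, so whatever sanitising `$user_id` and `$meta_key` receive before this point is not visible here.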