I’m having an issue with mysql_real_escape_string. This is used to display a custom post type (food menu items) for the WooThemes Diner theme. Food menu items no longer display on the Diner menu page because they are being called with mysql_real_escape_string.
What is the proper way to call these items?
Theme: Diner by WooThemes version 1.9.8 (now retired from active support)
Affected file: admin-interface.php
Lines: 111 & 118
/* WooThemes Admin Interface - woothemes_add_admin */
if ( ! function_exists( 'woothemes_add_admin' ) ) {
function woothemes_add_admin() {
global $query_string;
global $current_user;
$current_user_id = $current_user->user_login;
$super_user = get_option( 'framework_woo_super_user' );
$themename = get_option( 'woo_themename' );
$shortname = get_option( 'woo_shortname' );
// Reset the settings, sanitizing the various requests made.
// Use a SWITCH to determine which settings to update.
/* Make sure we're making a request.
if ( isset( $_REQUEST['page'] ) ) {
// Sanitize page being requested.
$_page = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['page'] ) ) ) );
// Sanitize action being requested.
$_action = '';
if ( isset( $_REQUEST['woo_save'] ) ) {
$_action = mysql_real_escape_string( strtolower( trim( strip_tags( $_REQUEST['woo_save'] ) ) ) );
} // End IF Statement
// If the action is "reset", run the SWITCH.
/* Perform settings reset.