From 8061e2b12d88e0afd482d952891182fe03e7bd63 Mon Sep 17 00:00:00 2001
From: champsupertramp
Date: Thu, 25 Feb 2016 19:55:43 +0800
Subject: [PATCH] Tweak sql concatenate with prepare statement
---
 core/um-permalinks.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/um-permalinks.php b/core/um-permalinks.php
index 63000674..295a70d6 100644
--- a/core/um-permalinks.php
+++ b/core/um-permalinks.php
@@ -240,7 +240,7 @@ class UM_Permalinks {
 if( in_array( um_get_option( 'permalink_base'), $full_name_permalinks ) ) {
 $full_name = um_user( 'full_name' );
- $count = $wpdb->get_var( sprintf(
+ $count = $wpdb->get_var( $wpdb->prepare(
 "SELECT COUNT(*) as count FROM %s WHERE meta_key = 'full_name' && meta_value = '%s'",
 $wpdb->usermeta,
 um_user( 'full_name' )
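Review bot: The table name is still passed through a `%s` placeholder in the query string, and `$wpdb->prepare()` treats every `%s` as a string value that it escapes and wraps in single quotes, so `FROM %s` is sent as `FROM 'wp_usermeta'`-style SQL (a quoted literal where an identifier is required). MySQL rejects that, so `get_var()` would return null and the duplicate-name count would silently stop working. Since `$wpdb->usermeta` is a trusted property, interpolate it and bind only the user-controlled value: `"SELECT COUNT(*) as count FROM {$wpdb->usermeta} WHERE meta_key = 'full_name' AND meta_value = %s",` followed by `$full_name` as the single argument. That also reuses the `$full_name` already fetched two lines above, instead of calling `um_user( 'full_name' )` again. The enclosing method starts and ends outside this hunk, so how `$count` is used afterwards is not visible here.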