我正在建立一个新网站，我正在使用我制作的一个旧的自定义插件。没有找到编码员，电子邮件不起作用，所以我希望有人能在这里帮助我。

使用最新版本的Wordpress，我现在得到了错误：（wpdb：：prepare（）缺少参数2）这是自定义代码的一部分，我认为这是导致问题的原因。

$sql = $db->prepare("SELECT
        ap.photo_id,
        ap.creation_date,
        ap.owner_id,
        ap.file_id,
        ap.title AS photo_title,
        ap.description,
        aa.album_id,
        aa.title AS album_title, 
        aa.category_id,
        sf.storage_path,
        u.displayname,
        u.username
    FROM 
        engine4_album_photos ap
        LEFT JOIN engine4_album_albums aa ON aa.album_id = ap.album_id AND category_id <> 0
        LEFT JOIN engine4_storage_files sf ON sf.".($thumbquality==\'yes\'?"parent_file_id":"file_id")." = ap.file_id AND sf.user_id = ap.owner_id
        JOIN engine4_authorization_allow auth ON auth.resource_id = aa.album_id AND auth.resource_type=\'album\' AND auth.action=\'view\' AND auth.role=\'everyone\'
        JOIN engine4_users u ON u.user_id = ap.owner_id
    GROUP BY 
        ap.photo_id
    ORDER BY
        ap.creation_date DESC
    {$pullcount}");

如果有人能帮我，我会非常感激的。我需要修复这个问题，这样就不会出现错误，也不会对某些类型的恶意注入打开。请帮忙！谢谢

$sql = $db->prepare("SELECT
        ap.photo_id,
        ap.creation_date,
        ap.owner_id,
        ap.file_id,
        ap.title AS photo_title,
        ap.description,
        aa.album_id,
        aa.title AS album_title, 
        aa.category_id,
        sf.storage_path,
        u.displayname,
        u.username
    FROM 
        engine4_album_photos ap
        LEFT JOIN engine4_album_albums aa ON aa.album_id = ap.album_id AND category_id <> 0
        LEFT JOIN engine4_storage_files sf ON sf.%s = ap.file_id AND sf.user_id = ap.owner_id
        JOIN engine4_authorization_allow auth ON auth.resource_id = aa.album_id AND auth.resource_type=\'album\' AND auth.action=\'view\' AND auth.role=\'everyone\'
        JOIN engine4_users u ON u.user_id = ap.owner_id
    GROUP BY 
        ap.photo_id
    ORDER BY
        ap.creation_date DESC %s", $thumbquality == \'yes\' ? "parent_file_id" : "file_id", $pullcount);