[wp-trac] Re: [WordPress Trac] #3286: Handling of escape sequences is muddled and non-compatible
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 8 07:44:49 GMT 2006
#3286: Handling of escape sequences is muddled and non-compatible
----------------------+-----------------------------------------------------
 Reporter:  cdavies   |       Owner:  anonymous
     Type:  defect    |      Status:  new
 Priority:  high      |   Milestone:
Component:  Security  |     Version:  2.0.4
 Severity:  major     |  Resolution:
 Keywords:            |
----------------------+-----------------------------------------------------
Comment (by ryan):
So escape only single quotes and escape them in the '' fashion. Also,
make sure $wpdb->escape() is used only when escaping on the way to the DB,
and use addslashes() when escaping for things like HTML and JS.
--
Ticket URL: <http://trac.wordpress.org/ticket/3286#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software