[wp-trac] [WordPress Trac] #23064: support str_to_date on $wpdb->prepare

WordPress Trac noreply at wordpress.org
Fri Dec 28 09:25:56 UTC 2012

#23064: support str_to_date on $wpdb->prepare
 Reporter:  jperelli                  |       Owner:
     Type:  defect (bug)              |      Status:  closed
 Priority:  normal                    |   Milestone:
Component:  Database                  |     Version:  3.4.2
 Severity:  normal                    |  Resolution:  invalid
 Keywords:  needs-patch dev-feedback  |

Comment (by dd32):

 > I thought wpdb::prepare() was like addslashes or mysql_escape_string,
 and made some sort of crazy magic to secure the query, but is more like

 It does escape the arguements to protect against SQL injection and the
 alike, but in order for it to do so, the arguements need to be passed in
 as seperate items, with place holders in the original SQL statement.
 internally it does use sprintf() to insert the escaped data however.

Ticket URL: <http://core.trac.wordpress.org/ticket/23064#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list