[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries
WordPress Trac
noreply at wordpress.org
Fri Jan 27 18:48:08 UTC 2023
#52506: Add escaping method for table names in SQL queries
-------------------------------------------------+-------------------------
Reporter: tellyworth | Owner: davidbaumwald
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.2
Component: Database | Version:
Severity: normal | Resolution: fixed
Keywords: has-unit-tests early needs-docs has-patch needs-testing needs-dev-note | Focuses: performance
-------------------------------------------------+-------------------------
Changes (by davidbaumwald):

 * status: reopened => closed
 * resolution: => fixed

Comment:

In [changeset:"55151" 55151]:
{{{
#!CommitTicketReference repository="" revision="55151"
Database: Add `%i` placeholder support to `$wpdb->prepare` to escape table
and column names, take 2.

[53575] during the 6.1 cycle was reverted in [54734] to address issues
around multiple `%` placeholders not being properly quoted as reported in
#56933. Since then, this issue has been resolved and the underlying code
improved significantly. Additionally, the unit tests have been expanded
and the inline docs have been improved as well.

This change reintroduces `%i` placeholder support in `$wpdb->prepare()` to
give extenders the ability to safely escape table and column names in
database queries.

Follow-up to [53575] and [54734].

Props craigfrancis, jrf, xknown, costdev, ironprogrammer, SergeyBiryukov.
Fixes #52506.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:70>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
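
How an extender might use the `%i` placeholder described in the commit message above, shown as an added example that is not part of the ticket or of WordPress core. It assumes the code runs inside WordPress (so the global `$wpdb` exists); the function name, the `audit_log` table suffix and the column allowlist are hypothetical.

```php
<?php
/**
 * Added example, not WordPress core code. Assumes a loaded WordPress
 * environment. example_get_audit_rows(), the "audit_log" table suffix and
 * the column allowlist are hypothetical names used for illustration.
 */
function example_get_audit_rows( string $column, string $value, int $limit = 20 ): array {
	global $wpdb;

	// Identifiers that originate from a request are checked against an
	// allowlist first: %i makes a name syntactically safe, it does not
	// decide which columns a caller is permitted to filter on.
	$allowed_columns = array( 'actor', 'action', 'object_type' );
	if ( ! in_array( $column, $allowed_columns, true ) ) {
		return array();
	}

	$table = $wpdb->prefix . 'audit_log';

	if ( $wpdb->has_cap( 'identifier_placeholders' ) ) {
		// Releases with %i support: the table and column are quoted as
		// identifiers, while %s and %d handle the values.
		$sql = $wpdb->prepare(
			'SELECT * FROM %i WHERE %i = %s LIMIT %d',
			$table,
			$column,
			$value,
			$limit
		);
	} else {
		// Releases without %i: only the fixed table name and the
		// allowlisted column are interpolated; values still go
		// through prepare().
		$sql = $wpdb->prepare(
			"SELECT * FROM `{$table}` WHERE `{$column}` = %s LIMIT %d",
			$value,
			$limit
		);
	}

	// get_results() can return null on failure; normalise to an array.
	return (array) $wpdb->get_results( $sql, ARRAY_A );
}
```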