[wp-trac] Re: [WordPress Trac] #2458: postmeta data not escaped
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 17 20:05:28 GMT 2006
#2458: postmeta data not escaped
----------------------------+-----------------------------------------------
Id:         2458            | Status:    new
Component:  Administration  | Modified:  Fri Feb 17 20:05:28 2006
Severity:   normal          | Milestone:
Priority:   normal          | Version:   2.0.1
Owner:      anonymous       | Reporter:  bungeman
----------------------------+-----------------------------------------------
Comment (by bungeman):
Why is escaping always done so high in the food chain? This seems to be
common throughout the code. It would seem that this duplication of
information would be nothing but a giant headache. Since escaping should
only be done in order to create queries, all $wpdb->escape() calls should
only be used in the (direct) creation of query strings. If a variable will
be used to hold a value escaped in this way it should carry something like
db_x, since it duplicates information. At the very least there needs to be
some documentation on which kind a function takes, escaped or non-escaped.
--
Ticket URL: <http://trac.wordpress.org/ticket/2458>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
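
The ambiguity the comment describes, as an added example (not WordPress code and not part of the ticket): the same value is passed through a function that expects escaped input and one that escapes at the query, with matched and mismatched callers. `db_escape()` is a hypothetical stand-in for `$wpdb->escape()`, assumed to behave like `addslashes()`; the function names, the `_db_x` suffix (after the comment's naming idea), the query shape and the sample value are constructed, and `read_back()` is a simplified model of how a MySQL-style parser reads a quoted literal.

```php
<?php
// Constructed query shape for illustration; only the meta_value literal varies.
const SQL_HEAD = "INSERT INTO wp_postmeta (post_id, meta_key, meta_value) VALUES (7, 'author', '";
const SQL_TAIL = "')";

// Hypothetical stand-in for $wpdb->escape(); assumed to behave like addslashes().
function db_escape(string $raw): string {
    return addslashes($raw);
}

// Escape-high style: the parameter must already be escaped, and only the
// name suffix tells the caller so.
function query_expecting_escaped(string $value_db_x): string {
    return SQL_HEAD . $value_db_x . SQL_TAIL;
}

// Escape-at-the-query style: raw in, escaped exactly once where the string is built.
function query_taking_raw(string $value): string {
    return SQL_HEAD . db_escape($value) . SQL_TAIL;
}

// What the parser would store from the meta_value literal, or null if the
// literal ends early and the rest of the value would be parsed as SQL.
function read_back(string $sql): ?string {
    $body = substr($sql, strlen(SQL_HEAD), -strlen(SQL_TAIL));
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\') {
            if ($i + 1 === $n) return null;   // would swallow the closing quote
            $out .= $body[++$i];              // backslash escape: keep next byte
        } elseif ($body[$i] === "'") {
            return null;                      // bare quote closes the literal
        } else {
            $out .= $body[$i];
        }
    }
    return $out;
}

$raw = "O'Reilly";   // constructed sample value
$cases = [
    'raw -> takes_raw'                => query_taking_raw($raw),
    'escaped -> expects_escaped'      => query_expecting_escaped(db_escape($raw)),
    'escaped -> takes_raw (doubled)'  => query_taking_raw(db_escape($raw)),
    'raw -> expects_escaped (missed)' => query_expecting_escaped($raw),
];
foreach ($cases as $label => $sql) {
    echo str_pad($label, 34), var_export(read_back($sql), true), "\n";
}
```

The two matched cases round-trip the raw value; the doubled case stores a stray backslash in the data, and the missed case leaves a bare quote in the query, which `read_back()` reports as null.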