[wp-trac] Re: [WordPress Trac] #2458: postmeta data not escaped

WordPress Trac wp-trac at lists.automattic.com
Fri Feb 17 20:05:28 GMT 2006

#2458: postmeta data not escaped
       Id:  2458            |      Status:  new                     
Component:  Administration  |    Modified:  Fri Feb 17 20:05:28 2006
 Severity:  normal          |   Milestone:                          
 Priority:  normal          |     Version:  2.0.1                   
    Owner:  anonymous       |    Reporter:  bungeman                
Comment (by bungeman):

 Why is escaping always done so high in the food chain? This seems to be
 common throughout the code. It would seem that this duplication of
 information would be nothing but a giant headache. Since escaping should
 only be done in order to create queries, all $wpdb->escape() calls should
 only be used in the (direct) creation of query strings. If a variable will
 be used to hold a value escaped in this way it should carry something like
 db_x, since it duplicates information. At the very least there needs to be
 some documentation on which kind a function takes, escaped or non-escaped.

Ticket URL: <http://trac.wordpress.org/ticket/2458>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list