[wp-trac] Re: [WordPress Trac] #5455: Charset SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Wed Feb 6 16:34:13 GMT 2008

#5455: Charset SQL Injection Vulnerability
 Reporter:  pishmishy  |        Owner:  pishmishy
     Type:  defect     |       Status:  assigned 
 Priority:  normal     |    Milestone:  2.6      
Component:  Security   |      Version:  2.5      
 Severity:  normal     |   Resolution:           
 Keywords:  has-patch  |  
Comment (by pishmishy):

 Oh and in your patch I think that
 function escape($string)
 Can just be
 function escape($string) { return mysql_real_escape_string( $string,
 $this->dbh );  }
 The problem isn't that we can't use mysql_real_escape_string() for some
 character sets - just that it doesn't always do what's expected. Since
 addslashes() doesn't either - I think we might well just use
 mysql_real_escape_string() and make the code simple. I hope that makes
 sense =)

Ticket URL: <http://trac.wordpress.org/ticket/5455#comment:15>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list