[wp-trac] [WordPress Trac] #11102: $wpdb->prepare should merge all arguments to pass to vsprintf
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 22 18:45:29 UTC 2009
#11102: $wpdb->prepare should merge all arguments to pass to vsprintf
-------------------------+--------------------------------------------------
Reporter: westi | Owner: westi
Type: enhancement | Status: new
Priority: normal | Milestone: 3.0
Component: Database | Version: 2.9
Severity: normal | Keywords: has-patch early
-------------------------+--------------------------------------------------
Comment(by Denis-de-Bernardy):
What I'd find interesting, personally, is:
{{{
prepare("SELECT * FROM table WHERE col IN (%s)", $array);
}}}
Anything else doesn't make much sense. Depending on whether we have %d or
%s, $array should then expand to:
{{{
implode(", ", array_map('intval', $array))
}}}
or:
{{{
"'" . implode("', '", $wpdb->escape($array)) . "'"
}}}
Before it does, though, it should check if the array is empty, and
fall back to NULL. Queries with an IN () clause are invalid SQL, and
they're the kind of crippling bugs that are difficult to spot when
scanning a query log. If the same query contains a big fat NULL in the
SQL, it immediately becomes more obvious what the problem is.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11102#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
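
The array expansion discussed in the comment above, as an added example that is not part of the original message or of WordPress core. The helper name `in_clause_placeholders` is hypothetical, and instead of escaping and concatenating the values it emits one placeholder per element (a swapped-in technique) so that every value still goes through `$wpdb->prepare()`; an empty array yields `NULL`.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.
// Builds the body of an IN (...) clause with one placeholder per element,
// so values are bound by $wpdb->prepare() rather than concatenated into SQL.

/**
 * @param array  $values Values for the IN list.
 * @param string $format '%d' for integers, '%s' for strings.
 * @return array [ string $fragment, array $args ]
 */
function in_clause_placeholders(array $values, string $format = '%s'): array
{
    if (!in_array($format, ['%d', '%s'], true)) {
        throw new InvalidArgumentException('format must be %d or %s');
    }
    // Empty list: emit NULL so the query stays valid SQL and matches no rows,
    // and the problem is visible in a query log.
    if ($values === []) {
        return ['NULL', []];
    }
    // Coerce each element to the declared type before it is bound.
    $cast   = ($format === '%d') ? 'intval' : 'strval';
    $values = array_map($cast, array_values($values));

    $fragment = implode(', ', array_fill(0, count($values), $format));
    return [$fragment, $values];
}

// Constructed sample inputs (not taken from the ticket).
$samples = [
    [[3, '7', '9abc'], '%d'],       // non-numeric tail is dropped by intval
    [["o'reilly", 'draft'], '%s'],  // quote is left for prepare() to escape
    [[], '%d'],                     // empty list falls back to NULL
];

foreach ($samples as [$values, $format]) {
    [$fragment, $args] = in_clause_placeholders($values, $format);
    $sql = "SELECT * FROM table WHERE col IN ($fragment)";
    echo $sql, '  args=', json_encode($args), PHP_EOL;
    // Inside WordPress, when $args is non-empty:
    //   $rows = $wpdb->get_results($wpdb->prepare($sql, $args));
    // In the NULL case there is nothing to bind, so run $sql as is.
}
```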