[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken

WordPress Trac wp-trac at lists.automattic.com
Fri Dec 25 00:00:21 UTC 2009


#11608: wpdb->prepare() is broken
-----------------------------+----------------------------------------------
 Reporter:  hakre            |       Owner:  ryan                    
     Type:  feature request  |      Status:  new                     
 Priority:  normal           |   Milestone:  Future Release          
Component:  Database         |     Version:  2.9                     
 Severity:  normal           |    Keywords:  needs-patch dev-feedback
-----------------------------+----------------------------------------------

Comment(by miqrogroove):

 So the worst case scenario is something like this:

 {{{
 $wpdb->prepare("SELECT 1 WHERE table.row LIKE '%stupid' AND othertable.row = %s", $_GET['thisissafetodolol'])
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

