[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 25 00:34:28 UTC 2009
#11608: wpdb->prepare() is broken
-----------------------------+----------------------------------------------
Reporter: hakre | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: Future Release
Component: Database | Version: 2.9
Severity: normal | Keywords: has-patch tested
-----------------------------+----------------------------------------------
Comment(by hakre):
Replying to [comment:1 dd32]:
> Priority and Severity: It works securely at present if the basic printf
> rules are followed.
False prediction.
> Can you please supply some examples of what doesn't work? What problems
> are run into when using '%%' for example?
Execute and read the code to see for yourself. There is nothing better
than one's own reception. As you wrote in the other ticket, you are not
properly getting the whole view, so a little playing around won't be wrong,
I assume.
> The data being passed into the function may contain whatever it wants.
> That doesn't affect the parser. The only location where you have to be
> careful is the query itself. If you require the use of '%' in there, then it
> needs to be escaped properly. That is the only time it should cause an
> error.
By definition, the query '''''is data''''' passed into the function.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
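The two positions above (a '%' in a value is harmless, a '%' in the query template must be doubled, and a template assembled from data is itself parsed as format syntax) can be checked without a WordPress install. The following is an added illustration, not code from WordPress or from either participant: toy_prepare() is a deliberately minimal stand-in in the spirit of the printf-based wpdb->prepare() of the 2.9 era (quote each %s, escape the values, hand the template to vsprintf), and addslashes() stands in for the database escaper purely so the script runs offline. All queries and the "untrusted" input are constructed for the example.

```php
<?php
// Added illustration, not WordPress code: a minimal printf-style prepare()
// in the spirit of wpdb->prepare() (quote %s, escape values, vsprintf the
// template). toy_prepare() and addslashes() as the escaper are assumptions
// so the example runs without a database connection.
function toy_prepare($query, array $args) {
    $query = str_replace("'%s'", '%s', $query);  // tolerate an already-quoted %s
    $query = str_replace('%s', "'%s'", $query);  // quote every string placeholder
    $args  = array_map('addslashes', $args);     // stand-in for the DB escaper
    try {
        // PHP < 8 returns false (with a warning) when placeholders outnumber
        // arguments; PHP 8 throws ArgumentCountError. Normalise both to false.
        return @vsprintf($query, $args);
    } catch (Throwable $e) {
        return false;
    }
}

function demo() {
    $out = array();

    // 1. '%' inside a VALUE is plain data: the format engine never sees it.
    $out['percent_in_value'] = toy_prepare(
        "SELECT * FROM wp_options WHERE option_value = %s",
        array("100% done")
    );
    // SELECT * FROM wp_options WHERE option_value = '100% done'

    // 2. A literal '%' in the TEMPLATE (here a LIKE wildcard) must be '%%'.
    $out['percent_in_template'] = toy_prepare(
        "SELECT option_name FROM wp_options WHERE option_name LIKE 'widget_%%' AND autoload = %s",
        array("yes")
    );
    // ... WHERE option_name LIKE 'widget_%' AND autoload = 'yes'

    // 3. The same wildcard supplied as a value needs no doubling.
    $out['wildcard_as_value'] = toy_prepare(
        "SELECT option_name FROM wp_options WHERE option_name LIKE %s",
        array("widget_%")
    );
    // ... WHERE option_name LIKE 'widget_%'

    // 4. Anything concatenated INTO the template is parsed as format syntax.
    //    A value carrying "%s" becomes a second placeholder with no argument,
    //    so the call fails instead of producing the intended query.
    $untrusted = "x%s";   // constructed input, as if taken from a request
    $out['value_spliced_into_template'] = toy_prepare(
        "SELECT * FROM wp_posts WHERE post_title = '" . $untrusted . "' AND post_status = %s",
        array("publish")
    );
    // false

    return $out;
}

print_r(demo());
```

Case 4 is the practical takeaway: only a literal, developer-written template belongs in the first argument, with every runtime value passed as a separate argument; once a value has been spliced into the template, its '%' characters are format directives, not data, regardless of how carefully the remaining arguments are escaped.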