[wp-trac] [WordPress Trac] #11605: esc_sql does not escape sql, it just adds slashes
WordPress Trac
wp-trac at lists.automattic.com
Sun Dec 27 11:09:22 UTC 2009
#11605: esc_sql does not escape sql, it just adds slashes
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+-------------------------------------------------
Comment(by nacin):
> Anyone using a drop-in wpdb replacement would suddenly find their SQL
unescaped.
Should be:
... would suddenly find their SQL escaped in what may be a method that
differs from what their drop-in specifies.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11605#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list