[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 5 23:49:01 UTC 2010
#11608: wpdb->prepare() is broken
--------------------------+-------------------------------------------------
Reporter: hakre           | Owner: ryan
Type: defect (bug)        | Status: new
Priority: normal          | Milestone: 3.0
Component: Database       | Version: 2.9
Severity: normal          | Keywords: has-patch dev-feedback
--------------------------+-------------------------------------------------
Comment(by hakre):
Bah :) I suggest keeping it simple and keeping the regexes out. No need to
double escape the hell out of it; doing exactly what is announced is the
safe route to go. For example, writing queries like:
{{{WHERE foo = 'a %s b'}}}
just shows that you have not understood how to use prepare, and that's
it. It is just wrong input; it will create a syntactically wrongly formatted
query and that's it. %s should be considered unquoted according to the
prepare documentation.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:64>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software