[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken

WordPress Trac wp-trac at lists.automattic.com
Tue Jan 5 23:49:01 UTC 2010

#11608: wpdb->prepare() is broken
 Reporter:  hakre         |       Owner:  ryan                  
     Type:  defect (bug)  |      Status:  new                   
 Priority:  normal        |   Milestone:  3.0                   
Component:  Database      |     Version:  2.9                   
 Severity:  normal        |    Keywords:  has-patch dev-feedback

Comment(by hakre):

 Bah :) I suggest to keep it simple, keep the regexes out. No need to
 double escape the hell out of it, just exactly do what is announced is the
 save route to go. for example writing queries like:

 {{{WHERE foo = 'a %s b'}}}

 just shows that you do not have understood how to use prepare and that's
 it. Just a wrong input, it will create a syntactically wrong formatted
 query and that's it. %s should be consideres unquoted according the
 prepare documentation.

Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:64>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list