[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 8 12:57:38 UTC 2010
#11819: Use mysql_real_escape_string instead of addslashes
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: closed
Priority: high | Milestone:
Component: Security | Version: 2.5
Severity: critical | Resolution: invalid
Keywords: dev-feedback |
--------------------------+-------------------------------------------------
Comment(by hakre):
Replying to [comment:2 nacin]:
> We bumped MySQL to 4.1.2. We've been requiring PHP 4.3 since, I think,
> WP 2.5.
Yeah, right, my fault. This is then a case since 2008-03-29.
> As the history shows (thanks for the kudos), whenever we've switched
> over to real_escape, we've quickly reverted to addslashes().
Might be, but the question is why? Is mysql_real_escape() broken? Does it
not work? Or was it just a mistake to revert the change years ago? From
what I can find documented it does not say a lot and it's years ago (5
years or so), the removal was about two and a half years before even WP 2.5
was released. And that was the release which actually offered that
function.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software