[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 17 18:42:56 UTC 2010
#11819: Use mysql_real_escape_string instead of addslashes
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: reopened
Priority: high | Milestone: 3.0
Component: Security | Version: 2.5
Severity: critical | Resolution:
Keywords: dev-feedback |
--------------------------+-------------------------------------------------
Comment(by hakre):
Well, to answer Denis's questions, a look into the MySQL source code must
finally be taken, but this is far out of my scope. I collected most of the
interesting info
[http://hakre.wordpress.com/2010/01/17/mysql_real_escape_string-and-set-names/
on my blog] now, so if you would like to have proper escaping, just use PHP
5.2.3 and MySQL 5.0.7 combined with the already named wpdb::functions.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:18>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software