[wp-trac] [WordPress Trac] #23064: support str_to_date on $wpdb->prepare
WordPress Trac
noreply at wordpress.org
Fri Dec 28 09:25:56 UTC 2012
#23064: support str_to_date on $wpdb->prepare
--------------------------------------+----------------------
Reporter: jperelli | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Database | Version: 3.4.2
Severity: normal | Resolution: invalid
Keywords: needs-patch dev-feedback |
--------------------------------------+----------------------
Comment (by dd32):
> I thought wpdb::prepare() was like addslashes or mysql_escape_string,
> and made some sort of crazy magic to secure the query, but is more like
> sprintf.
It does escape the arguments to protect against SQL injection and the
like, but in order for it to do so, the arguments need to be passed in
as separate items, with placeholders in the original SQL statement.
Internally it does use sprintf() to insert the escaped data however.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23064#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
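
The point made in the comment above, as an added example that is not part of the original message or of WordPress core. `model_prepare()` is a hypothetical, simplified stand-in for `wpdb::prepare()` (it uses `addslashes()` instead of the database driver's escaping so it runs without WordPress), and the query and input are constructed. It compares a value concatenated into the SQL with one passed through placeholders, including a STR_TO_DATE format string as in the ticket title.

```php
<?php
// Simplified model of wpdb::prepare(), written for this example only.
// Assumption: addslashes() stands in for the driver-level escaping that
// WordPress performs, so the script runs with no database connection.
function model_prepare(string $query, ...$args): string
{
    // Quote bare %s placeholders, then escape every argument before sprintf.
    $query = str_replace('%s', "'%s'", $query);
    $args  = array_map(fn($a) => addslashes((string) $a), $args);
    return vsprintf($query, $args);
}

// Constructed hostile input for the date field.
$input = "01/02/2012') OR ('1'='1";

// 1. Value concatenated into the SQL text before prepare() sees it.
//    There is no argument to escape, so the quote in $input survives intact.
//    The literal % signs of the date format must be doubled for sprintf.
$unsafe = model_prepare(
    "SELECT ID FROM wp_posts WHERE post_date > STR_TO_DATE('" . $input . "', '%%d/%%m/%%Y')"
);

// 2. Value and date format passed as separate arguments with placeholders.
//    Both are escaped, and the format's % signs sit inside an argument,
//    so sprintf never tries to parse them as conversion specifiers.
$safe = model_prepare(
    "SELECT ID FROM wp_posts WHERE post_date > STR_TO_DATE(%s, %s)",
    $input,
    '%d/%m/%Y'
);

echo "concatenated: ", $unsafe, PHP_EOL;
echo "placeholders: ", $safe, PHP_EOL;
```

In the first query the closing quote from the input ends the string literal early; in the second it is emitted as `\'` and stays inside the literal.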