[wp-trac] [WordPress Trac] #24774: Deprecate wpdb::escape()
WordPress Trac
noreply at wordpress.org
Tue Jul 16 17:37:15 UTC 2013
#24774: Deprecate wpdb::escape()
----------------------------+-----------------
 Reporter:  nacin           |      Owner:
     Type:  task (blessed)  |     Status:  new
 Priority:  normal          |  Milestone:  3.6
Component:  Database        |    Version:
 Severity:  normal          |   Keywords:
----------------------------+-----------------

wpdb::escape() has been used by core and plugins as a generic addslashes()
alias. That isn't ideal. In #21767 we've removed all improper usage of
wpdb::escape(), at which point everything now uses either wpdb::prepare()
or esc_sql() (for database escaping) or wp_slash() (for the unfortunate
need to generically slash).

We should deprecate wpdb::escape(). In the process, esc_sql() should
become a wrapper for real escape, because it would be crazy and wrong to
be using esc_sql() in a non-SQL context.

This came out of work by the WP security team.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/24774>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
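
The distinction the ticket draws between generic slashing and database escaping, as an added example that is not part of the original message and is not WordPress code. It goes beyond WordPress by assuming plain PDO with an in-memory SQLite database so it runs stand-alone; addslashes() stands in for the generic slashing, and the table, function names and sample value are constructed for illustration.

```php
<?php
// Added example: plain PDO + in-memory SQLite (assumed available), not WordPress code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE authors (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample input containing a quote character.
$name = "O'Reilly";
$db->prepare('INSERT INTO authors (name) VALUES (?)')->execute([$name]);

/** Fetch the id a finished SQL string selects, or report why it failed. */
function run_lookup(PDO $db, string $sql): string {
    try {
        $id = $db->query($sql)->fetchColumn();
        return $id === false ? 'no match' : "id $id";
    } catch (PDOException $e) {
        return 'query rejected: ' . $e->getMessage();
    }
}

/** Generic slashing: a string transform that knows nothing about the database. */
function lookup_with_slashes(PDO $db, string $name): string {
    // SQLite does not treat backslash as an escape, so \' still ends the literal.
    return run_lookup($db, "SELECT id FROM authors WHERE name = '" . addslashes($name) . "'");
}

/** Database escaping: PDO::quote() applies the connected driver's own quoting rules. */
function lookup_with_driver_escape(PDO $db, string $name): string {
    return run_lookup($db, 'SELECT id FROM authors WHERE name = ' . $db->quote($name));
}

/** Placeholder: the value is bound separately and never becomes SQL text. */
function lookup_with_placeholder(PDO $db, string $name): string {
    $stmt = $db->prepare('SELECT id FROM authors WHERE name = ?');
    $stmt->execute([$name]);
    $id = $stmt->fetchColumn();
    return $id === false ? 'no match' : "id $id";
}

// Slashing is also the wrong tool in the other direction: outside SQL it
// simply alters the data.
$stored_elsewhere = addslashes($name); // O\'Reilly, no longer the original value

printf("slashes:      %s\n", lookup_with_slashes($db, $name));
printf("driver quote: %s\n", lookup_with_driver_escape($db, $name));
printf("placeholder:  %s\n", lookup_with_placeholder($db, $name));
printf("slashed copy equals original: %s\n", $stored_elsewhere === $name ? 'yes' : 'no');
```

Run with the PHP CLI and the pdo_sqlite extension enabled; only the two database-aware lookups find the row.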