[wp-trac] [WordPress Trac] #10041: like_escape() should escape backslashes too
WordPress Trac
noreply at wordpress.org
Sat Apr 5 09:00:05 UTC 2014
#10041: like_escape() should escape backslashes too
------------------------------------+-----------------------------
Reporter: miau_jp | Owner:
Type: defect (bug) | Status: reopened
Priority: high | Milestone: Future Release
Component: Formatting | Version: 2.8
Severity: normal | Resolution:
Keywords: dev-feedback 4.0-early | Focuses:
------------------------------------+-----------------------------
Comment (by Denis-de-Bernardy):
Also, and btw, `addclashes()` doesn't seem to double-escape occurrences of
escaped quotes, so this works fine:
{{{
var_dump(
addslashes("Hello'\"\\ World"),
addslashes(addcslashes(addslashes("Hello'\"\\ World"), "_%"))
);
Yields:
string 'Hello\'\"\\ World' (length=17)
string 'Hello\\\'\\\"\\\\ World' (length=23)
And then:
MariaDB [(none)]> select 'Hello\'\"\\ World', 'Hello\'\"\\ World' like
'Hello\\\'\\\"\\\\ World';
+----------------+----------------------------------------------------+
| Hello'"\ World | 'Hello\'\"\\ World' like 'Hello\\\'\\\"\\\\ World' |
+----------------+----------------------------------------------------+
| Hello'"\ World | 1 |
+----------------+----------------------------------------------------+
1 row in set (0.00 sec)
}}}
Which probably means that this three-liner would be an adequate
replacement that passes all of the tests:
{{{
function quote_sql_like($str) {
return addcslashes(addslashes($str), '%_');
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/10041#comment:29>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list