[wp-trac] [WordPress Trac] #54042: Extending wpdb::prepare() to support table/field names, and IN() operator

WordPress Trac noreply at wordpress.org
Fri Nov 5 13:40:40 UTC 2021


#54042: Extending wpdb::prepare() to support table/field names, and IN() operator
-------------------------------------------------+-------------------------
 Reporter:  craigfrancis                         |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Database                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch dev-feedback needs-        |     Focuses:
  testing early                                  |
-------------------------------------------------+-------------------------

Comment (by craigfrancis):

 Thanks @johnbillion; that’s a good point, and I’m happy to look at
 alternatives (as an aside, there are a couple of things I’d like to do
 with wpdb, like looking at "%s / %5s" quoting the first string but not the
 second, and being able to use the `literal-string` type to prevent
 injection vulnerabilities, but that’s going a bit off topic, so maybe a
 chat on Slack/email?).

 As to this proposal, I would like to keep all escaping functionality in
 one method, so we keep using one nice and simple way to handle all values
 (rather than having 2-3 different methods everyone needs to know about,
 even in ~10 years’ time)… that said, you are right, a plug-in does need to
 know if it can use these placeholders, so maybe a version number (what
 does `EZSQL_VERSION` do? or maybe a simpler `$wpdb->version = 2`?), or
 maybe a method that returns an array of capabilities or details about
 wpdb?

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/54042#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

