[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries
WordPress Trac
noreply at wordpress.org
Wed Sep 22 16:44:54 UTC 2021
#52506: Add escaping method for table names in SQL queries
--------------------------+------------------------------
Reporter: tellyworth | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+------------------------------
Comment (by craigfrancis):
I've [https://github.com/WordPress/wordpress-develop/pull/1668 updated my
patch] so that it passes the existing unit tests.
Some basic checks suggest it might run a bit faster than the original - a
10k loop, on a query with 1 argument went from ~0.029 to ~0.023, and 3
arguments went from ~0.045s to ~0.041s (I think that's due to removing a
RegEx).
I am still concerned that "%s / %5s" would quote the first string but not
the second, but doing so does preserve backwards compatibility -
"frequently used in the middle of longer strings, or as table name
placeholders".
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
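The behaviour described in the comment above, where a bare %s is quoted but a formatted placeholder such as %5s is not, leaves the quoting of the latter to the caller. The following is an added example, not code from the ticket, the patch or WordPress core: a small review-time check that lists formatted or numbered string placeholders in a prepare() format that have no quotes around them. The function name is hypothetical and the sample queries are constructed.

```php
<?php
// Added illustration; not WordPress core code. The function name is hypothetical.

/**
 * List string placeholders in a wpdb::prepare() format that carry an argument
 * number, padding, width or precision (e.g. %5s, %1$s) and are not wrapped in quotes.
 */
function find_unquoted_formatted_placeholders(string $query): array
{
    // Alternative 1 consumes "%%" (a literal percent) so "%%5s" is not misread.
    // Alternative 2 captures the optional argnum/flags/width/precision before "s".
    $pattern = '/%%|%((?:\d+\$)?[-+]?(?:[0 ]|\'.)?\d*(?:\.\d+)?)s/';
    preg_match_all($pattern, $query, $matches, PREG_OFFSET_CAPTURE | PREG_SET_ORDER);

    $flagged = [];
    foreach ($matches as $m) {
        [$text, $offset] = $m[0];
        if ($text === '%%' || $m[1][0] === '') {
            continue; // literal percent, or a plain %s
        }
        // A placeholder counts as quoted only if the same quote character
        // sits directly before and directly after it.
        $before = $offset > 0 ? $query[$offset - 1] : '';
        $after  = $query[$offset + strlen($text)] ?? '';
        $quoted = ($before === "'" || $before === '"') && $before === $after;
        if (!$quoted) {
            $flagged[] = ['placeholder' => $text, 'offset' => $offset];
        }
    }
    return $flagged;
}

// Constructed sample formats (table and column names are made up).
$samples = [
    "SELECT * FROM t WHERE a = %s AND b = %5s",          // bare formatted placeholder
    "SELECT * FROM t WHERE a = %s AND b = '%5s'",        // caller supplied the quotes
    "SELECT * FROM t WHERE a LIKE '%%x' AND b = %1\$s",  // literal percent, bare numbered placeholder
];
foreach ($samples as $sql) {
    $hits = array_column(find_unquoted_formatted_placeholders($sql), 'placeholder');
    printf("%-52s => %s\n", $sql, $hits ? implode(', ', $hits) : 'none');
}
```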