[wp-trac] [WordPress Trac] #54042: Extending wpdb::prepare() to support table/field names, and IN() operator

WordPress Trac noreply at wordpress.org
Sat May 7 14:23:41 UTC 2022

#54042: Extending wpdb::prepare() to support table/field names, and IN() operator
 Reporter:  craigfrancis                         |       Owner:  (none)
     Type:  enhancement                          |      Status:  new
 Priority:  normal                               |   Milestone:  Future
                                                 |  Release
Component:  Database                             |     Version:
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch dev-feedback needs-        |     Focuses:
  testing early has-unit-tests                   |

Comment (by apokalyptik):

 Replying to [comment:31 craigfrancis]:

 > When you say "a single not-currently-used character", can you expand on

 Sure. The vsprintf format string
 [https://www.php.net/manual/en/function.vsprintf.php format] goes
 `%[argnum$][flags][width][.precision]specifier`. Within this format, each
 active piece of the format is exactly one character, which is not reused
 between the hardcoded parts `%`, `%`, `.` and also the non-variable parts
 (that comprise `flags` and `specifier`), with the only exception being `%`,
 which the first `%` is escaping.

 This is why I felt that `%,d` fit better than `%...d`. `...` is both more
 than one character for an operation, and also `.` is already used as the
 format signifier that the current version specification has entered
 defining `precision`.

 > The `$arg_identifiers` are separate so I can easily
 > db.php#L1641 escape them differently], and to trigger the "cannot be used
 > for both String and Identifier escaping" error. As in, if someone tried to
 > use the same value in both a string/number and identifier context (odd,
 > but it might happen), because they cannot be escaped in the same way, I
 > need to reject that, and ask them to provide the value twice, e.g.

 Right. I'm suggesting that a single array in the format of something like
 `$index[ $arg_id ] = array( $boolVariadic, $boolIdentifier[, ...] );`
 would let you 1) pull the data without doing an array value search with
 `in_array` (multiple times in some cases.) Just storing the metadata in a
 better indexed format like this removes the value searching.

Ticket URL: <https://core.trac.wordpress.org/ticket/54042#comment:32>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
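
The single indexed array suggested in the comment above, sketched as an added example (not code from the ticket's patch or from WordPress core). The function name `build_arg_index()`, the `%i` identifier specifier and the parsing regex are assumptions made for illustration; `%,d` is the variadic syntax proposed in the comment.

```php
<?php
// Added illustration, not WordPress core code. Assumed placeholder syntax:
// %s / %d for values, %i for identifiers, an optional "N$" argnum, and the
// "," flag proposed in this comment to mark a variadic (IN list) argument.
function build_arg_index( string $query ): array {
    $index = array(); // arg id => array( is_variadic, is_identifier )
    $next  = 0;       // next positional argument for unnumbered placeholders

    preg_match_all( '/%(?:(\d+)\$)?(,)?([sdi%])/', $query, $matches, PREG_SET_ORDER );
    foreach ( $matches as $m ) {
        if ( '%' === $m[3] ) {
            continue; // "%%" is a literal percent sign and consumes no argument
        }
        $arg_id     = ( '' !== $m[1] ) ? (int) $m[1] - 1 : $next++;
        $variadic   = ( ',' === $m[2] );
        $identifier = ( 'i' === $m[3] );

        // A direct key lookup replaces the repeated in_array() value searches.
        // One argument cannot be escaped both as a value and as an identifier,
        // so a second use in the other context is rejected.
        if ( isset( $index[ $arg_id ] ) && $index[ $arg_id ][1] !== $identifier ) {
            throw new InvalidArgumentException(
                sprintf( 'Argument %d cannot be used for both String and Identifier escaping.', $arg_id + 1 )
            );
        }
        $index[ $arg_id ] = array( $variadic, $identifier );
    }
    return $index;
}

// Constructed sample queries (single-quoted so PHP does not interpolate "$i").
print_r( build_arg_index( 'SELECT * FROM %i WHERE id IN (%,d) AND status = %s' ) );

try {
    // The same argument is used as an identifier and then as a string.
    build_arg_index( 'SELECT %1$i FROM t WHERE name = %1$s' );
} catch ( InvalidArgumentException $e ) {
    echo $e->getMessage(), "\n";
}
```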
