[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries
WordPress Trac
noreply at wordpress.org
Mon Oct 31 20:44:12 UTC 2022
#52506: Add escaping method for table names in SQL queries
-------------------------------------------------+-------------------------
Reporter: tellyworth | Owner:
| davidbaumwald
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.1
Component: Database | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests early | Focuses:
commit needs-docs has-dev-note | performance
-------------------------------------------------+-------------------------
Comment (by SergeyBiryukov):
In [changeset:"54734" 54734]:
{{{
#!CommitTicketReference repository="" revision="54734"
Database: Revert [53575].
When using `'%%%s%%'` pattern with `$wpdb->prepare()`, it works on 6.0.3
but does not on 6.1-RC. Why? The inserted value is wrapped in quotes on
6.1-RC5 whereas it is not on <= 6.0.3.
With 6.1 final release tomorrow, more time is needed to further
investigate and test. Reverting this changeset to restore the previous
behavior.
This commit also adds a dataset for testing the `'%%%s%%'` pattern.
Props SergeyBiryukov, hellofromTonya, bernhard-reiter, desrosj,
davidbaumwald, jorbin.
Reviewed by hellofromTonya, SergeyBiryukov.
Merges [54733] to the 6.1 branch.
Fixes #56933.
See #52506.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:55>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list