[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries

WordPress Trac noreply at wordpress.org
Mon Oct 31 20:44:12 UTC 2022


#52506: Add escaping method for table names in SQL queries
-------------------------------------------------+-------------------------
 Reporter:  tellyworth                           |       Owner:
                                                 |  davidbaumwald
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:  6.1
Component:  Database                             |     Version:
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests early       |     Focuses:
  commit needs-docs has-dev-note                 |  performance
-------------------------------------------------+-------------------------

Comment (by SergeyBiryukov):

 In [changeset:"54734" 54734]:
 {{{
 #!CommitTicketReference repository="" revision="54734"
 Database: Revert [53575].

 When using `'%%%s%%'` pattern with `$wpdb->prepare()`, it works on 6.0.3
 but does not on 6.1-RC. Why? The inserted value is wrapped in quotes on
 6.1-RC5 whereas it is not on <= 6.0.3.

 With 6.1 final release tomorrow, more time is needed to further
 investigate and test. Reverting this changeset to restore the previous
 behavior.

 This commit also adds a dataset for testing the `'%%%s%%'` pattern.

 Props SergeyBiryukov, hellofromTonya, bernhard-reiter, desrosj,
 davidbaumwald, jorbin.
 Reviewed by hellofromTonya, SergeyBiryukov.
 Merges [54733] to the 6.1 branch.
 Fixes #56933.
 See #52506.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:55>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

