### Eclipse Workspace Patch 1.0
#P wordpress-trunk
Index: wp-includes/wp-db.php
===================================================================
--- wp-includes/wp-db.php	(revision 12527)
+++ wp-includes/wp-db.php	(working copy)
@@ -530,26 +530,38 @@
 	}
 
 	/**
-	 * Prepares a SQL query for safe execution.  Uses sprintf()-like syntax.
+	 * Mimicks a prepare of a SQL query for execution.  
+	 * 
+	 * The following placeholders can be used for values:
+	 * 
+	 *   %d (decimal number)
+	 *   %s (string)
+	 *   %% (%)
+	 *   
+	 * Both %d and %s should be left unquoted in the query string.
 	 *
+	 * <code>
+	 * wpdb::prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d", "foo", 1337 )
+	 * </code>
+	 * 
+	 * NOTE: This has nothing to do with prepared statements your database might support.
+	 *  
+	 * More technical information:
+	 * 
+	 * Uses sprintf()-like syntax.
+	 *
 	 * This function only supports a small subset of the sprintf syntax; it only supports %d (decimal number), %s (string).
 	 * Does not support sign, padding, alignment, width or precision specifiers.
 	 * Does not support argument numbering/swapping.
 	 *
 	 * May be called like {@link http://php.net/sprintf sprintf()} or like {@link http://php.net/vsprintf vsprintf()}.
 	 *
-	 * Both %d and %s should be left unquoted in the query string.
-	 *
-	 * <code>
-	 * wpdb::prepare( "SELECT * FROM `table` WHERE `column` = %s AND `field` = %d", "foo", 1337 )
-	 * </code>
-	 *
 	 * @link http://php.net/sprintf Description of syntax.
 	 * @since 2.3.0
 	 *
-	 * @param string $query Query statement with sprintf()-like placeholders
-	 * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called like {@link http://php.net/vsprintf vsprintf()}, or the first variable to substitute into the query's placeholders if being called like {@link http://php.net/sprintf sprintf()}.
-	 * @param mixed $args,... further variables to substitute into the query's placeholders if being called like {@link http://php.net/sprintf sprintf()}.
+	 * @param string $query Query statement with wpdb->prepare placeholders
+	 * @param array|mixed $args The array of variables to substitute into the query's placeholders if being called compareable to {@link http://php.net/vsprintf vsprintf()}, or the first variable to substitute into the query's placeholders if being called like {@link http://php.net/sprintf sprintf()}.
+	 * @param mixed $args,... further variables to substitute.
 	 * @return null|string Sanitized query string
 	 */
 	function prepare($query = null) { // ( $query, *$args )
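Review bot: The rewritten docblock still omits the precondition that makes this function safe at all: `$query` must be a literal written by the caller, because only the placeholder arguments are escaped, and a table name, column name or any other untrusted fragment concatenated into the query string goes through unescaped (a stray `%` in it is even interpreted as a format directive). A sentence after the `NOTE:` line such as `Only the placeholder arguments are escaped; never build $query from user input, and write a literal percent sign as %%.` would make that explicit. It would also help to state that `%s` values are wrapped in single quotes by prepare itself, which is the reason the `Both %d and %s should be left unquoted` line gives an instruction without an explanation. The method body continues in the next hunk.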
@@ -560,9 +572,7 @@
 		// If args were passed as an array (as in vsprintf), move them up
 		if ( isset($args[0]) && is_array($args[0]) )
 			$args = $args[0];
-		$query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already singlequoted it
-		$query = str_replace('"%s"', '%s', $query); // doublequote unquoting
-		$query = str_replace('%s', "'%s'", $query); // quote the strings
+		$query = preg_replace('|(?<!%)%s|', "'%s'", $query); //quote the strings, Avoiding escaped strings
 		array_walk($args, array(&$this, 'escape_by_ref'));
 		return @vsprintf($query, $args);
 	}
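Review bot: The lookbehind in the new preg_replace line treats any `%s` that follows a `%` as escaped, but `%%` is the escape for a literal percent, so in `%%%s` the trailing `%s` is a real placeholder that now goes unquoted and the escaped value is spliced into the statement bare, which is an injection vector whenever that argument is user-controlled (escape_by_ref only neutralises quotes, not an unquoted `1 OR 1=1`). Telling the two apart requires consuming the escape pairs explicitly, e.g. `$query = preg_replace('/(?<!%)((?:%%)*)%s/', "$1'%s'", $query);`, which keeps the `%%` runs intact and still quotes the placeholder that follows them. Removing the two str_replace calls also means a caller who already wrote `'%s'` now gets `''%s''`, which presumably no longer parses as intended; if that leniency is being dropped on purpose, a comment on the line saying so would stop the next reader from restoring it.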
