make addslashes_gpc() use addslashes() fix to use real_escape, rather than addslashes
|Reported by:||Denis-de-Bernardy||Owned by:||ryan|
If memory serves, the main problems with making wpdb->escape() point to mysql_real_escape_string() were two:
- mysql_real_escape_string() doesn't work on all platforms
- mysql_real_escape_string() doesn't play well with unslashing
Point 1 is covered in wpdb->_real_escape().
The legacy fix to point 2, for some strange reason, led to disabling mysql_real_escape_string() on platforms that could actually use it, instead of using add_magic_quotes() where calls to addslashes()/stripslashes() could occur.
r12961 partially fixes point 2. But only partially.
At the risk of re-opening the can of worms, the attached patch finishes fixing point 2...:
- It changes addslashes_gpc() and esc_sql() so that they use add_magic_quotes() instead.
- This frees wpdb->escape(), which can then be a true alias for wpdb->_real_escape().
I've scanned trunk for occurrences of wpdb->escape() used on arrays -- there were none.