id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
1394	add_slashes() does not escape all database input correctly	auroraeosrose	anonymous	"wp-db.php - the database class - the escape function uses add_slashes to try to escape data for sql use/insertion

This will fail under several methods:
1. MySQL in ANSI mode
2. NULL, \x00, \n, \r, \, "" and \x1a characters not escaped
3. MySQL 4.1 with a different character set or earlier versions when MySQL is run in a different character set

mysql_escape_string() has been around since 4.0.3.
Since WordPress requires 4.1, it shouldn't be a problem."	defect (bug)	closed	normal		Security	1.5.1.1	major	fixed		
