#6227 closed defect (bug) (fixed)
wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 2.6 |
| Component: | General | Version: | 2.3.3 |
| Severity: | normal | Keywords: | |
| Cc: |
Description
I'd tried using wp_insert_post as described in the function reference. This caused major problems with post_content like --it's a rainy day-- because:
- wp_insert_post does not escape its query parameters
- it does not check the return value of $wpdb->query
This meant that I got a perfectly innocent ID in return which I used in other tables but there never was a post with this ID in the actual wp_posts table. Worst of all, WordPress cached some info of this post in its postcache, meaning I got a half finished post on the frontpage of my blog but no way to link to it.
Change History (4)
- Summary changed from wp_insert_post should check the return value of $wpdb->query or use $wpdb->query to wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
Sorry, wrong title. I meant $wpdb->escape.