Changeset 10604 for trunk/wp-includes/wp-db.php
- Timestamp:
- 02/20/2009 07:05:12 PM (16 years ago)
- File:
-
- 1 edited
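--- a/trunk/wp-includes/wp-db.php
+++ b/trunk/wp-includes/wp-db.php
@@ -428,17 +428,51 @@
 }
 
-/**
- * Escapes content for insertion into the database, for security
- *
- * @since 0.71
- *
- * @param string $string
- * @return string query safe string
- */
-function escape($string) {
+function _weak_escape($string) {
+return addslashes($string);
+}
+
+function _real_escape($string) {
 if ( $this->dbh && $this->real_escape )
 return mysql_real_escape_string( $string, $this->dbh );
 else
-return addslashes( $string );
+return addslashes( $string );
+}
+
+function _escape($data) {
+if ( is_array($data) ) {
+foreach ( (array) $data as $k => $v ) {
+if ( is_array($v) )
+$data[$k] = $this->_escape( $v );
+else
+$data[$k] = $this->_real_escape( $v );
+}
+} else {
+$data = $this->_real_escape( $data );
+}
+
+return $data;
+}
+
+/**
+ * Escapes content for insertion into the database using addslashes(), for security
+ *
+ * @since 0.71
+ *
+ * @param string|array $data
+ * @return string query safe string
+ */
+function escape($data) {
+if ( is_array($data) ) {
+foreach ( (array) $data as $k => $v ) {
+if ( is_array($v) )
+$data[$k] = $this->escape( $v );
+else
+$data[$k] = $this->_weak_escape( $v );
+}
+} else {
+$data = $this->_weak_escape( $data );
+}
+
+return $data;
 }
 
@@ -450,6 +484,6 @@
 * @param string $s
 */
-function escape_by_ref(&$s ) {
-$s = $this->escape($s);
+function escape_by_ref(&$string) {
+$string = $this->_real_escape( $string );
 }
 
@@ -666,5 +700,5 @@
 */
 function insert($table, $data) {
-$data = add_magic_quotes($data);
+$data = $this->_escape($data);
 $fields = array_keys($data);
 return $this->query("INSERT INTO $table (`" . implode('`,`',$fields) . "`) VALUES ('".implode("','",$data)."')");
@@ -682,5 +716,5 @@
 */
 function update($table, $data, $where){
-$data = add_magic_quotes($data);
+$data = $this->_escape($data);
 $bits = $wheres = array();
 foreach ( (array) array_keys($data) as $k )
@@ -689,5 +723,5 @@
 if ( is_array( $where ) )
 foreach ( $where as $c => $v )
-$wheres[] = "$c = '" . $this-> escape( $v ) . "'";
+$wheres[] = "$c = '" . $this->_escape( $v ) . "'";
 else
 return false;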
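Review bot: In `insert()` and `update()` the new `$this->_escape($data)` call escapes array values only, so `$table`, the keys returned by `array_keys($data)` and the `$c` keys of `$where` still reach the SQL string verbatim; a comment on both methods such as `// Values are escaped here; $table and the array keys are used as identifiers as-is and must not come from request data` would make that contract explicit. `_real_escape()` also keeps the silent `addslashes()` fallback when `$this->dbh` or `$this->real_escape` is unset, and the public `escape()` now always takes the `addslashes()` path, which is not aware of the connection character set; the docblock on `escape()` should say so, and its `@return` should read `string|array` to match the new `@param`. `_weak_escape()`, `_real_escape()` and `_escape()` have no docblocks at all, so nothing tells a caller which of the four escaping methods is the safe one to use. The bodies of `insert()` and `update()` continue outside the hunks shown.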