Changeset 17256
- Timestamp:
- 01/11/2011 08:15:25 PM (14 years ago)
- File:
-
- 1 edited
trunk/wp-admin/admin-ajax.php
r17255 r17256 87 87 } 88 88 89 $s = $_GET['q']; // is this slashed already?89 $s = stripslashes( $_GET['q'] ); 90 90 91 91 if ( false !== strpos( $s, ',' ) ) { … … 97 97 die; // require 2 chars for matching 98 98 99 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')");99 $results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) ); 100 100 101 101 echo join( $results, "\n" );
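Review bot: The new line 89 reads `$_GET['q']` with no `isset()` guard, so a request that omits `q` raises an undefined-index notice before the length check on line 97 rejects it; `$s = isset( $_GET['q'] ) ? stripslashes( $_GET['q'] ) : '';` keeps the behaviour for ordinary requests and silences the notice. The rewritten line 99 does move both `$taxonomy` and the search term into `$wpdb->prepare()` placeholders, which is the right fix for the previously interpolated LIKE clause; `like_escape()` remains necessary alongside it, because `prepare()` quotes the value but leaves `%` and `_` wildcards inside it active, so the two calls are complementary rather than redundant and deserve a one-line comment such as `// like_escape() neutralises LIKE wildcards; prepare() handles SQL quoting`. The enclosing function begins and ends outside this hunk, so whatever capability or nonce check guards this handler is not visible here.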