Changeset 24712 for trunk/wp-includes/wp-db.php

Timestamp:

07/16/2013 02:07:53 PM (12 years ago)

Author:

nacin

Message:

Always use mysql_real_escape_string(), even when DB_CHARSET is not properly set. fixes #24773.

File:

• trunk/wp-includes/wp-db.php (modified) (4 diffs)

trunk/wp-includes/wp-db.php

@@ -443 +443 @@
 
     /**
-     * Whether to use mysql_real_escape_string
-     *
-     * @since 2.8.0
-     * @access public
-     * @var bool
-     */
-    var $real_escape = false;
-
-    /**
      * Database Username
      *
@@ -649 +640 @@
             if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset' ) ) {
                 mysql_set_charset( $charset, $dbh );
-                $this->real_escape = true;
             } else {
                 $query = $this->prepare( 'SET NAMES %s', $charset );
@@ -871 +861 @@
 
     /**
-     * Real escape, using mysql_real_escape_string() or addslashes()
+     * Real escape, using mysql_real_escape_string()
      *
      * @see mysql_real_escape_string()
-     * @see addslashes()
      * @since 2.8.0
      * @access private
@@ -882 +871 @@
      */
     function _real_escape( $string ) {
-        if ( $this->dbh && $this->real_escape )
-            return mysql_real_escape_string( $string, $this->dbh );
-        else
-            return addslashes( $string );
+        return mysql_real_escape_string( $string, $this->dbh );
     }