Changeset 24718 for trunk/wp-includes/formatting.php

Timestamp:

07/16/2013 05:44:42 PM (12 years ago)

Author:

nacin

Message:

Deprecate wpdb::escape() in favor of wpdb::prepare() and esc_sql(). fixes #24774.

File:

• trunk/wp-includes/formatting.php (modified) (1 diff)

trunk/wp-includes/formatting.php

@@ -2592 +2592 @@
 
 /**
- * Escapes data for use in a MySQL query
- *
- * This is just a handy shortcut for $wpdb->escape(), for completeness' sake
+ * Escapes data for use in a MySQL query.
+ *
+ * Usually you should prepare queries using wpdb::prepare().
+ * Sometimes, spot-escaping is required or useful. One example
+ * is preparing an array for use in an IN clause.
  *
  * @since 2.8.0
- * @param string $sql Unescaped SQL data
- * @return string The cleaned $sql
- */
-function esc_sql( $sql ) {
+ * @param string $data Unescaped data
+ * @return string Escaped data
+ */
+function esc_sql( $data ) {
     global $wpdb;
-    return $wpdb->escape( $sql );
+    return $wpdb->_escape( $data );
 }