Changeset 2699 for trunk/wp-comments-post.php

Timestamp:

07/05/2005 08:47:22 PM (21 years ago)

Author:

ryan

Message:

Use wpdb->escape instead of addslashes to prepare DB bound data.

File:

• trunk/wp-comments-post.php (modified) (1 diff)

trunk/wp-comments-post.php

@@ -25 +25 @@
 get_currentuserinfo();
 if ( $user_ID ) :
-    $comment_author       = addslashes($user_identity);
-    $comment_author_email = addslashes($user_email);
-    $comment_author_url   = addslashes($user_url);
+    $comment_author       = $wpdb->escape($user_identity);
+    $comment_author_email = $wpdb->escape($user_email);
+    $comment_author_url   = $wpdb->escape($user_url);
 else :
     if ( get_option('comment_registration') )