Changeset 28711 for trunk/src/wp-includes/wp-db.php
- Timestamp: 06/10/2014 12:29:35 AM (11 years ago)
- File: 1 edited
trunk/src/wp-includes/wp-db.php
r28657 r28711 1170 1170 1171 1171 /** 1172 * First half of escaping for LIKE special characters % and _ before preparing for MySQL. 1173 * 1174 * Use this only before wpdb::prepare() or esc_sql(). Reversing the order is very bad for security. 1175 * 1176 * Example Prepared Statement: 1177 * $wild = '%'; 1178 * $find = 'only 43% of planets'; 1179 * $like = $wild . $wpdb->esc_like( $find ) . $wild; 1180 * $sql = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like ); 1181 * 1182 * Example Escape Chain: 1183 * $sql = esc_sql( $wpdb->esc_like( $input ) ); 1184 * 1185 * @since 4.0.0 1186 * 1187 * @param string $text The raw text to be escaped. The input typed by the user should have no extra or deleted slashes. 1188 * @return string Text in the form of a LIKE phrase. The output is not SQL safe. Call prepare or real_escape next. 1189 */ 1190 function esc_like( $text ) { 1191 return addcslashes( $text, '_%\\' ); 1192 } 1193 1194 /** 1172 1195 * Print SQL/DB error. 1173 1196 *
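Review bot: The @return line of the new esc_like() docblock says "Call prepare or real_escape next", while the description above it names wpdb::prepare() or esc_sql(); both should name the same follow-up functions, because the docblock itself states the output is not SQL safe and callers will copy whichever line they read. It would also help to document that addcslashes( $text, '_%\\' ) hard-codes backslash as the LIKE escape character, so the result is only correct in a LIKE pattern that uses backslash escaping (MySQL's default) and not in one with a different ESCAPE clause. The "Example Escape Chain" stops at esc_sql(); showing the value placed inside a quoted LIKE string, as the prepared-statement example does through %s, would make the intended usage unambiguous.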