WordPress.org

Make WordPress Core


Ignore:
Timestamp:
06/10/2014 12:43:32 AM (7 years ago)
Author:
wonderboymusic
Message:

Replace all uses of like_escape() with $wpdb->esc_like().

Props miqrogroove.
See #10041.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/comment.php

    r28672 r28712  
    482482     */
    483483    protected function get_search_sql( $string, $cols ) {
    484         $string = esc_sql( like_escape( $string ) );
     484        global $wpdb;
    485485
    486486        $searches = array();
    487487        foreach ( $cols as $col )
    488             $searches[] = "$col LIKE '%$string%'";
     488            $searches[] = $wpdb->prepare( "$col LIKE %s", $wpdb->esc_like( $string ) );
    489489
    490490        return ' AND (' . implode(' OR ', $searches) . ')';
Note: See TracChangeset for help on using the changeset viewer.