Make WordPress Core


Ignore:
Timestamp:
09/19/2017 05:55:33 PM (4 years ago)
Author:
aaroncampbell
Message:

Database: Hardening to bring wpdb::prepare() inline with documentation.

wpdb::prepare() supports %s, %d, and %F as placeholders in the query string. Any other non-escaped % will be escaped.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/db.php

    r41470 r41496  
    274274    }
    275275
     276
    276277    /**
    277278     * Test that SQL modes are set correctly
     
    11161117        $this->assertSame( 'utf8_general_ci', $result['collate'] );
    11171118    }
     1119
     1120    /**
     1121     *
     1122     */
     1123    function test_prepare_with_unescaped_percents() {
     1124        global $wpdb;
     1125
     1126        $sql = $wpdb->prepare( '%d %1$d %%% %', 1 );
     1127        $this->assertEquals( '1 %1$d %% %', $sql );
     1128    }
    11181129}
Note: See TracChangeset for help on using the changeset viewer.