Make WordPress Core


Ignore:
Timestamp:
09/28/2017 04:31:05 AM (4 years ago)
Author:
pento
Message:

Database: Don't quote placeholders in queries going through $wpdb->prepare()

To bring Core into line with the changes to $wpdb->prepare() in WordPress 4.8.2, query placeholders shouldn't be quoted.

Props jrf, johnjamesjacoby.
Fixes #41983.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/wp-db.php

    r41496 r41628  
    12681268     *     $find = 'only 43% of planets';
    12691269     *     $like = $wild . $wpdb->esc_like( $find ) . $wild;
    1270      *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE '%s'", $like );
     1270     *     $sql  = $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_content LIKE %s", $like );
    12711271     *
    12721272     * Example Escape Chain:
Note: See TracChangeset for help on using the changeset viewer.