WordPress.org

Make WordPress Core

Changeset 5779


Timestamp:
07/05/07 17:32:46 (8 years ago)
Author:
markjaquith
Message:

Automatically quote strings in $wpdb->prepare(). Use vsprintf(). see #4553

File:
1 edited

  • trunk/wp-includes/wp-db.php

    r5778 r5779  
    133133        $args = func_get_args(); 
    134134        $query = array_shift($args); 
     135        $query = str_replace("'%s'", '%s', $query); // in case someone mistakenly already quoted it 
     136        $query = str_replace('%s', "'%s'", $query); // quote the strings 
    135137        array_walk($args, array(&$this, 'escape_by_ref')); 
    136         return @call_user_func_array('sprintf', array_merge(array($query), $args)); 
     138        return @vsprintf($query, $args); 
    137139    } 
    138140 
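Review bot: the two str_replace() calls at new lines 135-136 rewrite every `%s` substring in the query, not only standalone string placeholders, so the automatic quoting is only safe for the two forms it anticipates (`%s` and `'%s'`). A placeholder the caller wrapped in double quotes, `"%s"`, comes out as `"'%s'"`; a literal percent followed by "s" written as `%%s` is rewritten to `%'%s'` and no longer parses as an escaped percent; a LIKE pattern such as `'%%%s%%'` gets quotes injected in the middle of the literal; and positional or padded forms (`%1$s`, `%10s`) are not matched, so they stay unquoted while their arguments are still only escaped by escape_by_ref. I would replace the pair with a single preg_replace that matches `%s` only when it is not preceded by `%`, strip an existing surrounding single or double quote in the same pass, and document in the function's docblock that placeholders must be passed unquoted and that wildcards for LIKE belong in the argument, not in the format string. Separately, `return @vsprintf($query, $args);` keeps the error suppression from the old line: when the argument count does not match the placeholders, vsprintf() fails and the caller receives a non-string result with no warning, which is then easy to pass straight to query(). Consider dropping the `@` or checking the return value and failing loudly.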