Changes between Initial Version and Version 1 of Ticket #10041, comment 10
Timestamp: 02/05/2013 05:33:08 AM (12 years ago)
Ticket #10041, comment 10
initial v1 5 5 1. Super-global variables should be addslashes() instead of wpdb->escape(). That was changed in [12961]. 6 6 7 2. I discovered the list of like-special chars is not limited to \ % _ Apparently single and double quotes are also special at the LIKE layer, so searching literally for hello\\'worldbecomes an interesting test case. This contradicts the MySQL manual, but appears to be accurate. I also confirmed \x, \0, \r, and \n are not special at the LIKE layer.7 2. I discovered the list of like-special chars is not limited to \ % _ Apparently single and double quotes are also special at the LIKE layer, so searching literally for {{{hello\\'world}}} becomes an interesting test case. This contradicts the MySQL manual, but appears to be accurate. I also confirmed \x, \0, \r, and \n are not special at the LIKE layer. 8 8 9 9 3. We did not yet decide on a new pattern for calling like_escape(). Any time a super-global variable is passed in, it must be stripslashes() first. We could make that a requirement, or we could create a second function like_escape_global() that includes the call to stripslashes(). In any case, escape() or prepare() must still be used after like_escape(), unless there are more changes.
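Review bot: in item 2 the new {{{ }}} markup is applied only to hello\\'world, while the other literal character sequences in the same item (\ % _ and \x, \0, \r, \n) are left as bare wiki text, so the item mixes verbatim and wiki-rendered backslashes. Wrapping those sequences in {{{ }}} as well would keep them from being altered by wiki formatting. It would also help to say whether the doubled backslash in the test string is the text as typed into the search box or an already-escaped form, since the item is about which characters are special at the LIKE layer specifically.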