$wpdb->prepare() fails with localized floats
| Reported by: | laotse | Owned by: | nacin |
The implementation of $wpdb->prepare() is buggy in several aspects. The mess shows strikingly if you try to write floats using %f to the database using a server locale that has a decimal colon instead of a dot.
Unfortunately, sprintf() is localized, in contrast to sscanf()! Furthermore, since PHP performs auto conversion, it can happen that a float is already passed as a string. Unfortunately, the array_walk() in prepare() escapes the ',' such that floatval() will drop the decimals. At least it does not produce another value, like if a float was passed.
I wrote a re-implementation, which also does without any '@' prefixes. It does well for the plugin - I did not yet try to replace the core function. I'd gladly provide my code to someone who knows how to test the code thoroughly.
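The locale dependence described in the ticket can be reproduced in plain PHP, without WordPress. The sketch below is an added example, not code from the ticket or from WordPress core; the function names, the table name `t` and the list of locale names tried are assumptions. It contrasts the locale-aware `%f` conversion with PHP's locale-independent `%F`, and shows what `floatval()` does with a float that arrives as a comma-decimal string.

```php
<?php
// Added illustration; hypothetical helper names, not WordPress functions.

// Try common names for a comma-decimal locale. Returns the name that was
// applied, or false when none of them is installed on this system.
function use_comma_decimal_locale() {
    return setlocale(LC_NUMERIC, 'de_DE.UTF-8', 'de_DE.utf8', 'de_DE',
                     'German_Germany.1252', 'deu');
}

// Locale-aware: %f takes its decimal separator from LC_NUMERIC.
function sql_float_localized($value) {
    return sprintf('%f', $value);
}

// Locale-independent: %F always writes a dot as the decimal separator.
function sql_float_portable($value) {
    return sprintf('%F', $value);
}

$price = 1.5; // constructed sample value

if (use_comma_decimal_locale() === false) {
    echo "No comma-decimal locale installed; %f and %F will look the same.\n";
}

// What the active locale uses as decimal separator. A value other than '.'
// means every %f in SQL-building code on this server is affected.
echo 'decimal_point: ', localeconv()['decimal_point'], "\n";

// With a comma separator, the %f variant changes the SQL itself: the comma
// is read by the database as a value separator, so the statement no longer
// matches the column list.
echo 'INSERT INTO t (price) VALUES (', sql_float_localized($price), ")\n";
echo 'INSERT INTO t (price) VALUES (', sql_float_portable($price), ")\n";

// A float already converted to a localized string: floatval() stops parsing
// at the comma, so the fractional part is silently discarded.
var_dump(floatval('1,5'));

// Restore the default numeric locale so later code is unaffected.
setlocale(LC_NUMERIC, 'C');
```

Running it on a host with and without a comma-decimal locale installed shows whether a given deployment is exposed to the behaviour.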
Change History (28)
- Keywords has-patch added; needs-patch removed
- Milestone changed from Awaiting Review to 3.5
comment:15 nacin — 21 months ago
- Owner set to nacin
- Resolution set to fixed
- Status changed from new to closed
comment:16 follow-up: ↓ 17 nacin — 20 months ago
- Resolution fixed deleted
- Status changed from closed to reopened