Changes between Initial Version and Version 1 of Ticket #21767, comment 48
Timestamp: 02/04/2013 03:38:16 PM (11 years ago)
Ticket #21767, comment 48
Initial version:

C lls to esc_sql(), $wpdb->escape(), addslashes(), add_magic_quotes() on data passed to core API also need to be audited and probably removed. Escaping should be done with $wpdb->prepare() ( or update() and insert() ) right before the data goes to the DB.

Version 1:

Calls to esc_sql(), $wpdb->escape(), addslashes(), add_magic_quotes() on data passed to core API also need to be audited and probably removed. Escaping should be done with $wpdb->prepare() ( or update() and insert() ) right before the data goes to the DB.