Changes between Initial Version and Version 1 of Ticket #21767, comment 50
Timestamp: 02/06/2013 07:13:18 PM (11 years ago)
Ticket #21767, comment 50
Initial version:

While we're about this we will need to audit all wpdb calls to make sure the queries are properly prepare()d. esc_sql() and $wpdb->escape() should not be used in core code making queries. They are both weak.

Version 1:

While we're about this we will need to audit all wpdb calls to make sure the queries are properly prepare()d. esc_sql() and $wpdb->escape() should not be used in core code making queries. They are both weak. When they are used where addslashes/stripslashes is intended, they should be converted to wpslash/unslash(). If they are escaping a query that is going to the DB, prepare() should be used instead.
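The distinction the comment draws (escaping is weak, prepare() is what core queries should use, and slashing helpers are for slashing, not for SQL) is shown below in an added example. This is illustration written for this page, not WordPress core code or a patch from the ticket; it assumes it runs inside WordPress with the global $wpdb available, and the function names prefixed example_ are hypothetical.

```php
<?php
// Added illustration; not WordPress core code. Assumes a WordPress
// environment where the global $wpdb object and esc_sql(), wp_unslash(),
// wp_slash() exist.

/**
 * WEAK: esc_sql() only makes a value safe *inside a quoted string literal*.
 * Here the value is interpolated unquoted, so esc_sql() has nothing to
 * escape in "1 OR 1=1" and the WHERE clause becomes a tautology.
 */
function example_get_post_weak( $id ) {
    global $wpdb;
    $sql = "SELECT ID, post_title FROM {$wpdb->posts} WHERE ID = " . esc_sql( $id );
    // $id = '1 OR 1=1'  ->  ... WHERE ID = 1 OR 1=1   (returns every post)
    return $wpdb->get_results( $sql );
}

/**
 * FIXED: $wpdb->prepare(). %d casts the argument to an integer and %s
 * quotes and escapes it, so the caller cannot change the query structure.
 */
function example_get_post_prepared( $id, $status ) {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT ID, post_title FROM {$wpdb->posts} WHERE ID = %d AND post_status = %s",
        $id,
        $status
    );
    // $id = '1 OR 1=1', $status = 'publish'
    //   ->  ... WHERE ID = 1 AND post_status = 'publish'
    return $wpdb->get_results( $sql );
}

/**
 * The slashing case from the comment. WordPress adds slashes to $_POST/$_GET
 * on load, so request data is wp_unslash()ed before use and then handed to
 * prepare(); esc_sql() is not a substitute for stripslashes(). Going the other
 * way, functions that expect slashed input (wp_insert_post(), wp_update_post())
 * get wp_slash()ed data, not esc_sql()ed data.
 */
function example_search_titles_from_request() {
    global $wpdb;
    $term = isset( $_POST['q'] ) ? wp_unslash( $_POST['q'] ) : '';

    // %s quotes and escapes the whole argument. The LIKE wildcards are added
    // here, after the user's own %, _ and \ are escaped, so input cannot
    // widen the match beyond a substring search.
    $like = '%' . addcslashes( $term, '_%\\' ) . '%';

    return $wpdb->get_col(
        $wpdb->prepare( "SELECT ID FROM {$wpdb->posts} WHERE post_title LIKE %s", $like )
    );
}

/**
 * Writing back: the title came in slashed, was unslashed for the query above,
 * and must be re-slashed for wp_update_post(), which unslashes internally.
 */
function example_rename_post_from_request( $post_id ) {
    $title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : '';
    return wp_update_post( wp_slash( array(
        'ID'         => (int) $post_id,
        'post_title' => $title,
    ) ) );
}
```

The weak version fails even though esc_sql() was called, because escaping only protects a value that sits between quotes; whether the surrounding query quotes it is decided at the call site, which is exactly what an audit of every wpdb call has to check. prepare() removes that decision from the caller: the placeholder type fixes how the value is rendered, so a grep for raw `esc_sql(` or `->escape(` next to a query string is a reasonable audit heuristic.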