
Changes between Initial Version and Version 1 of Ticket #21767, comment 50


Timestamp: 02/06/13 19:13:18 (2 years ago)
Author: ryan

initial: While we're about this we will need to audit all wpdb calls to make sure the queries are properly prepare()d. esc_sql() and $wdb->escape() should not be used in core code making queries. They are both weak.

v1: While we're about this we will need to audit all wpdb calls to make sure the queries are properly prepare()d. esc_sql() and $wdb->escape() should not be used in core code making queries. They are both weak. When they are used where addslashes/stripslashes is intended, they should be converted to wpslash/unslash(). If they are escaping a query that is going to the DB, prepare() should be used instead.
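The two patterns the comment above contrasts, as an added example that is not part of the ticket or of WordPress core: a query built by string concatenation around esc_sql(), the same query through $wpdb->prepare(), and the slashing case handled with wp_unslash()/wp_slash(). It assumes it runs inside WordPress with the global $wpdb loaded (for instance as an mu-plugin); the table and column names are core ones, but the input values, the post ID 42 and the 'subtitle' meta key are constructed for illustration.

```php
<?php
// Added example, not code from the ticket or from WordPress core.
// Assumes a loaded WordPress environment (global $wpdb, esc_sql, wp_slash, wp_unslash,
// update_post_meta). Input values below are constructed; they stand in for $_GET/$_POST data.

global $wpdb;

// Constructed attacker-controlled values.
$author_id   = '1 OR 1=1';          // caller treats this as an integer but never quotes it
$post_status = "draft' OR '1'='1";  // classic string-context payload

// WEAK: esc_sql() only escapes quotes and backslashes in the value. It cannot add the
// quotes the caller forgot, so this WHERE clause still reads "post_author = 1 OR 1=1"
// and would match every post.
$weak_sql = "SELECT ID FROM {$wpdb->posts} WHERE post_author = " . esc_sql( $author_id );

// esc_sql() does neutralise the quote in $post_status here, but only because the caller
// remembered to wrap the value in quotes; one missed quote anywhere is an injection.
$weak_sql2 = "SELECT ID FROM {$wpdb->posts} WHERE post_status = '" . esc_sql( $post_status ) . "'";

// CORRECT: prepare() derives the quoting from the placeholder type. %d is cast to an
// integer (here 1), %s is escaped and quoted by prepare() itself, so the query cannot be
// assembled wrongly by the caller.
$safe_sql = $wpdb->prepare(
    "SELECT ID FROM {$wpdb->posts} WHERE post_author = %d AND post_status = %s",
    $author_id,
    $post_status
);
$ids = $wpdb->get_col( $safe_sql );

// SLASHING is a separate concern from SQL escaping. WordPress adds slashes to
// $_GET/$_POST/$_COOKIE at load time (wp_magic_quotes()), and several core APIs such as
// update_post_meta() expect slashed input. Use wp_unslash() to get the raw value back and
// wp_slash() when handing unslashed data to such an API; both recurse into arrays, which
// addslashes()/stripslashes() do not. esc_sql() is the wrong tool for either direction.
$raw_title = isset( $_POST['title'] ) ? wp_unslash( $_POST['title'] ) : '';

// 42 and 'subtitle' are example values; the literal contains a quote on purpose.
update_post_meta( 42, 'subtitle', wp_slash( 'It\'s "quoted"' ) );
```

The point to audit for is the distinction the comment draws: if the value ends up inside a query string, the fix is a placeholder in $wpdb->prepare(), not a different escaping helper; if the code is only undoing or redoing WordPress's request slashing, the fix is wp_unslash()/wp_slash().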