Make WordPress Core

Opened 11 years ago

Closed 9 years ago

#5188 closed enhancement (wontfix)

Additional DB sanitization functions

Reported by: markjaquith Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:


For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.


sanitize_column($column name);

Any others?

Change History (3)

#1 @ffemtcj
10 years ago

  • Milestone changed from 2.5 to 2.7

No Patch. Moved to 2.7

#2 @santosj
10 years ago

  • Milestone changed from 2.7 to 2.9

No patch moving to 2.9.

#3 @Denis-de-Bernardy
9 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.

It's the plugin author's responsibility to make sure that whatever he adds is valid sql.

Note: See TracTickets for help on using tickets.