Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#5188 closed enhancement (wontfix)

Additional DB sanitization functions

Reported by: markjaquith Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:


For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.


sanitize_column($column name);

Any others?

Change History (3)

#1 @ffemtcj
8 years ago

  • Milestone changed from 2.5 to 2.7

No Patch. Moved to 2.7

#2 @santosj
7 years ago

  • Milestone changed from 2.7 to 2.9

No patch moving to 2.9.

#3 @Denis-de-Bernardy
7 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.

It's the plugin author's responsibility to make sure that whatever he adds is valid sql.

Note: See TracTickets for help on using tickets.