Changes between Version 2 and Version 3 of Ticket #57149, comment 1
Timestamp: 11/21/2022 02:15:06 AM (2 years ago)
Ticket #57149, comment 1
v2 v3 58 58 * and `_` does not need escaping the way `%` does 59 59 * I.E. `\_\_\_` needs to mean `wp\_\_\_users` and cannot mean `wp___users` 60 1. Instead, ''most likely'', these queries should be concatenated, unescaped and unprepared, and manually slashed to accommodate the desired matching :60 1. Instead, ''most likely'', these queries should be concatenated, unescaped and unprepared, and manually slashed to accommodate the desired matching. In this way, the core `str_replace( '\\_', '_', $maybe[2] )` is surprisingly accurate: 61 61 {{{ 62 62 $like = 'wp\\\_\\\_\\\_\\\_users'; … … 64 64 $query = $wpdb->get_var( $sql ); 65 65 }}} 66 In this way, the core `str_replace( '\\_', '_', $maybe[2] )` is surprisingly accurate. 66 ...or... 67 {{{ 68 $like = $wpdb->esc_like( 'wp\_\_\_\_users' ); 69 $sql = "SHOW TABLES LIKE '{$like}'"; 70 $query = $wpdb->get_var( $sql ); 71 }}} 67 72 1. Perhaps, we are all doing it wrong everywhere, and a deeper conclusion is required? 68 73 * Additionally plausible is that I've missed a mundane detail and all of this is wrong 🌚
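Review bot: In the added `...or...` block (v3 lines 68-70), the return value of `$wpdb->esc_like()` is interpolated directly into `"SHOW TABLES LIKE '{$like}'"` with no `$wpdb->prepare()` or `esc_sql()` step. `esc_like()` only backslash-escapes `%`, `_` and `\` for LIKE matching and does not make a value safe inside a quoted SQL string, so this is harmless for the hard-coded literal shown, but the comment should say so or pass `$like` through `esc_sql()` before concatenation, so the snippet is not reused for patterns built from variable input. It would also help to state the string `esc_like()` returns for `'wp\_\_\_\_users'`, since it escapes the existing backslashes as well as the underscores and the reader cannot tell from the snippet whether that equals the `$like` of the first example.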