sergiotarxz
/
Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Introducing "prepare", a WPDB method for sprintf()-prepared SQL statements. see #4553. Implementation details to follow. 

git-svn-id: https://develop.svn.wordpress.org/trunk@5778 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith 2007-07-04 16:18:57 +00:00
parent 8f31e395de
commit b0b9c7946b
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
wp-includes/wp-db.php
View File

@ -116,6 +116,26 @@ class wpdb {
return mysql_real_escape_string( $string, $this->dbh ); return mysql_real_escape_string( $string, $this->dbh );
} }
/**
* Escapes content by reference for insertion into the database, for security
* @param string $s
*/
function escape_by_ref(&$s) {
$s = $this->escape($s);
}
/**
* Prepares a SQL query for safe use, using sprintf() syntax
*/
function prepare($args=NULL) {
if ( NULL === $args )
return;
$args = func_get_args();
$query = array_shift($args);
array_walk($args, array(&$this, 'escape_by_ref'));
return @call_user_func_array('sprintf', array_merge(array($query), $args));
}
// ================================================================== // ==================================================================
// Print SQL/DB error. // Print SQL/DB error.