Importing post... ";
preg_match('|(.*?)|is', $post, $title);
-$title = addslashes( trim($title[1]) );
+$title = $wpdb->escape( trim($title[1]) );
$post_name = sanitize_title($title);
preg_match('|(.*?)|is', $post, $date);
@@ -92,7 +92,7 @@ $post_date = date('Y-m-d H:i:s', $date);
preg_match('|(.*?)|is', $post, $content);
-$content = str_replace( array(''), '', addslashes( trim($content[1]) ) );
+$content = str_replace( array(''), '', $wpdb->escape( trim($content[1]) ) );
// Now lets put it in the DB
if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'")) :
diff --git a/wp-admin/import-mt.php b/wp-admin/import-mt.php
index a1e6f4821d..b520d4c69f 100644
--- a/wp-admin/import-mt.php
+++ b/wp-admin/import-mt.php
@@ -206,7 +206,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
// We want the excerpt
preg_match("|-----\nEXCERPT:(.*)|s", $post, $excerpt);
- $excerpt = addslashes(trim($excerpt[1]));
+ $excerpt = $wpdb->escape(trim($excerpt[1]));
$post = preg_replace("|(-----\nEXCERPT:.*)|s", '', $post);
// We're going to put extended body into main body with a more tag
@@ -218,7 +218,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
// Now for the main body
preg_match("|-----\nBODY:(.*)|s", $post, $body);
$body = trim($body[1]);
- $post_content = addslashes($body . $extended);
+ $post_content = $wpdb->escape($body . $extended);
$post = preg_replace("|(-----\nBODY:.*)|s", '', $post);
// Grab the metadata from what's left
@@ -235,7 +235,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
$post_author = $value;
break;
case 'TITLE':
- $post_title = addslashes($value);
+ $post_title = $wpdb->escape($value);
echo ''.stripslashes($post_title).'... ';
$post_name = sanitize_title($post_title);
break;
@@ -264,10 +264,10 @@ foreach ($posts as $post) { if ('' != trim($post)) {
}
break;
case 'PRIMARY CATEGORY':
- $post_categories[] = addslashes($value);
+ $post_categories[] = $wpdb->escape($value);
break;
case 'CATEGORY':
- $post_categories[] = addslashes($value);
+ $post_categories[] = $wpdb->escape($value);
break;
case 'DATE':
$post_date = strtotime($value);
@@ -323,11 +323,11 @@ foreach ($posts as $post) { if ('' != trim($post)) {
if ('' != trim($comment)) {
// Author
preg_match("|AUTHOR:(.*)|", $comment, $comment_author);
- $comment_author = addslashes(trim($comment_author[1]));
+ $comment_author = $wpdb->escape(trim($comment_author[1]));
$comment = preg_replace('|(\n?AUTHOR:.*)|', '', $comment);
preg_match("|EMAIL:(.*)|", $comment, $comment_email);
- $comment_email = addslashes(trim($comment_email[1]));
+ $comment_email = $wpdb->escape(trim($comment_email[1]));
$comment = preg_replace('|(\n?EMAIL:.*)|', '', $comment);
preg_match("|IP:(.*)|", $comment, $comment_ip);
@@ -335,7 +335,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
$comment = preg_replace('|(\n?IP:.*)|', '', $comment);
preg_match("|URL:(.*)|", $comment, $comment_url);
- $comment_url = addslashes(trim($comment_url[1]));
+ $comment_url = $wpdb->escape(trim($comment_url[1]));
$comment = preg_replace('|(\n?URL:.*)|', '', $comment);
preg_match("|DATE:(.*)|", $comment, $comment_date);
@@ -343,7 +343,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
$comment_date = date('Y-m-d H:i:s', strtotime($comment_date));
$comment = preg_replace('|(\n?DATE:.*)|', '', $comment);
- $comment_content = addslashes(trim($comment));
+ $comment_content = $wpdb->escape(trim($comment));
$comment_content = str_replace('-----', '', $comment_content);
// Check if it's already there
@@ -364,7 +364,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
if ('' != trim($ping)) {
// 'Author'
preg_match("|BLOG NAME:(.*)|", $ping, $comment_author);
- $comment_author = addslashes(trim($comment_author[1]));
+ $comment_author = $wpdb->escape(trim($comment_author[1]));
$ping = preg_replace('|(\n?BLOG NAME:.*)|', '', $ping);
$comment_email = '';
@@ -374,7 +374,7 @@ foreach ($posts as $post) { if ('' != trim($post)) {
$ping = preg_replace('|(\n?IP:.*)|', '', $ping);
preg_match("|URL:(.*)|", $ping, $comment_url);
- $comment_url = addslashes(trim($comment_url[1]));
+ $comment_url = $wpdb->escape(trim($comment_url[1]));
$ping = preg_replace('|(\n?URL:.*)|', '', $ping);
preg_match("|DATE:(.*)|", $ping, $comment_date);
@@ -383,10 +383,10 @@ foreach ($posts as $post) { if ('' != trim($post)) {
$ping = preg_replace('|(\n?DATE:.*)|', '', $ping);
preg_match("|TITLE:(.*)|", $ping, $ping_title);
- $ping_title = addslashes(trim($ping_title[1]));
+ $ping_title = $wpdb->escape(trim($ping_title[1]));
$ping = preg_replace('|(\n?TITLE:.*)|', '', $ping);
- $comment_content = addslashes(trim($ping));
+ $comment_content = $wpdb->escape(trim($ping));
$comment_content = str_replace('-----', '', $comment_content);
$comment_content = "$ping_title\n\n$comment_content";
diff --git a/wp-admin/import-rss.php b/wp-admin/import-rss.php
index 2e3f49b80f..cb7b615a23 100644
--- a/wp-admin/import-rss.php
+++ b/wp-admin/import-rss.php
@@ -87,7 +87,7 @@ $title = $date = $categories = $content = $post_id = '';
echo "
Importing post... ";
preg_match('|(.*?)|is', $post, $title);
-$title = addslashes( trim($title[1]) );
+$title = $wpdb->escape( trim($title[1]) );
$post_name = sanitize_title($title);
preg_match('|(.*?)|is', $post, $date);
@@ -112,11 +112,11 @@ if (!$categories) :
endif;
preg_match('|(.*?)|is', $post, $guid);
-if ($guid) $guid = addslashes( trim($guid[1]) );
+if ($guid) $guid = $wpdb->escape( trim($guid[1]) );
else $guid = '';
preg_match('|(.*?)|is', $post, $content);
-$content = str_replace( array(''), '', addslashes( trim($content[1]) ) );
+$content = str_replace( array(''), '', $wpdb->escape( trim($content[1]) ) );
if (!$content) : // This is for feeds that put content in description
preg_match('|(.*?)|is', $post, $content);
diff --git a/wp-admin/import-textpattern.php b/wp-admin/import-textpattern.php
index 0f5323fced..d2f81738eb 100644
--- a/wp-admin/import-textpattern.php
+++ b/wp-admin/import-textpattern.php
@@ -98,8 +98,8 @@ while ($post = mysql_fetch_array($posts)) {
$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
$posted = date('Y-m-d H:i:s', $timestamp);
- $content = addslashes($post['Body_html']);
- $title = addslashes($post['Title']);
+ $content = $wpdb->escape($post['Body_html']);
+ $title = $wpdb->escape($post['Title']);
$post_name = sanitize_title($title);
$wpdb->query("INSERT INTO $wpdb->posts
diff --git a/wp-admin/install.php b/wp-admin/install.php
index d037d7be1b..f5ad4b2600 100644
--- a/wp-admin/install.php
+++ b/wp-admin/install.php
@@ -143,7 +143,7 @@ $wpdb->query("UPDATE $wpdb->options SET option_value = '$weblog_title' WHERE opt
$wpdb->query("UPDATE $wpdb->options SET option_value = '$admin_email' WHERE option_name = 'admin_email'");
// Now drop in some default links
-$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".addslashes(__('Blogroll'))."')");
+$wpdb->query("INSERT INTO $wpdb->linkcategories (cat_id, cat_name) VALUES (1, '".$wpdb->escape(__('Blogroll'))."')");
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blog.carthik.net/index.php', 'Carthik', 1, 'http://blog.carthik.net/feed/');");
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://blogs.linux.ie/xeer/', 'Donncha', 1, 'http://blogs.linux.ie/xeer/feed/');");
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://zengun.org/weblog/', 'Michel', 1, 'http://zengun.org/weblog/feed/');");
@@ -154,21 +154,21 @@ $wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link
$wpdb->query("INSERT INTO $wpdb->links (link_url, link_name, link_category, link_rss) VALUES ('http://dougal.gunters.org/', 'Dougal', 1, 'http://dougal.gunters.org/feed/');");
// Default category
-$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".addslashes(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");
+$wpdb->query("INSERT INTO $wpdb->categories (cat_ID, cat_name, category_nicename) VALUES ('0', '".$wpdb->escape(__('Uncategorized'))."', '".sanitize_title(__('Uncategorized'))."')");
// First post
$now = date('Y-m-d H:i:s');
$now_gmt = gmdate('Y-m-d H:i:s');
-$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".addslashes(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".addslashes(__('Hello world!'))."', '0', '".addslashes(__('hello-world'))."', '$now', '$now_gmt')");
+$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!'))."', '".$wpdb->escape(__('Hello world!'))."', '0', '".$wpdb->escape(__('hello-world'))."', '$now', '$now_gmt')");
$wpdb->query( "INSERT INTO $wpdb->post2cat (`rel_id`, `post_id`, `category_id`) VALUES (1, 1, 1)" );
// Default comment
-$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".addslashes(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".addslashes(__('Hi, this is a comment. To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
+$wpdb->query("INSERT INTO $wpdb->comments (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_date, comment_date_gmt, comment_content) VALUES ('1', '".$wpdb->escape(__('Mr WordPress'))."', '', 'http://wordpress.org', '$now', '$now_gmt', '".$wpdb->escape(__('Hi, this is a comment. To delete a comment, just log in, and view the posts\' comments, there you will have the option to edit or delete them.'))."')");
// First Page
-$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '".addslashes(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".addslashes(__('About'))."', '0', '".addslashes(__('about'))."', '$now', '$now_gmt', 'static')");
+$wpdb->query("INSERT INTO $wpdb->posts (post_author, post_date, post_date_gmt, post_content, post_title, post_category, post_name, post_modified, post_modified_gmt, post_status) VALUES ('1', '$now', '$now_gmt', '".$wpdb->escape(__('This is an example of a WordPress page, you could edit this to put information about yourself or your site so readers know where you are coming from. You can create as many pages like this one or sub-pages as you like and manage all of your content inside of WordPress.'))."', '".$wpdb->escape(__('About'))."', '0', '".$wpdb->escape(__('about'))."', '$now', '$now_gmt', 'static')");
// Set up admin user
$random_password = substr(md5(uniqid(microtime())), 0, 6);
diff --git a/wp-admin/link-categories.php b/wp-admin/link-categories.php
index 4ca3e2ac36..86f3da384c 100644
--- a/wp-admin/link-categories.php
+++ b/wp-admin/link-categories.php
@@ -60,9 +60,9 @@ switch ($action) {
if ($sort_desc != 'Y') {
$sort_desc = 'N';
}
- $text_before_link = addslashes($_POST['text_before_link']);
- $text_after_link = addslashes($_POST['text_after_link']);
- $text_after_all = addslashes($_POST['text_after_all']);
+ $text_before_link = $_POST['text_before_link'];
+ $text_after_link = $_POST['text_after_link'];
+ $text_after_all = $_POST['text_after_all'];
$list_limit = $_POST['list_limit'];
if ($list_limit == '')
@@ -238,9 +238,9 @@ switch ($action) {
if ($sort_desc != 'Y') {
$sort_desc = 'N';
}
- $text_before_link = addslashes($_POST["text_before_link"]);
- $text_after_link = addslashes($_POST["text_after_link"]);
- $text_after_all = addslashes($_POST["text_after_all"]);
+ $text_before_link = $_POST["text_before_link"];
+ $text_after_link = $_POST["text_after_link"];
+ $text_after_all = $_POST["text_after_all"];
$list_limit = $_POST["list_limit"];
if ($list_limit == '')
diff --git a/wp-admin/link-import.php b/wp-admin/link-import.php
index 51c1bf87ea..698bd7f843 100644
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@@ -107,7 +107,7 @@ switch ($step) {
if ('http' == substr($titles[$i], 0, 4))
$titles[$i] = '';
$query = "INSERT INTO $wpdb->links (link_url, link_name, link_target, link_category, link_description, link_owner, link_rss)
- VALUES('{$urls[$i]}', '".addslashes($names[$i])."', '', $cat_id, '".addslashes($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
+ VALUES('{$urls[$i]}', '".$wpdb->escape($names[$i])."', '', $cat_id, '".$wpdb->escape($descriptions[$i])."', $user_ID, '{$feeds[$i]}')\n";
$result = $wpdb->query($query);
echo sprintf(__("
Inserted %s
"), $names[$i]);
}
diff --git a/wp-admin/update-links.php b/wp-admin/update-links.php
index 389a9a2598..a02474ea90 100644
--- a/wp-admin/update-links.php
+++ b/wp-admin/update-links.php
@@ -36,8 +36,8 @@ if( false !== ( $fs = fsockopen('api.pingomatic.com', 80, $errno, $errstr, 5) )
$returns = explode("\n", $body);
foreach ($returns as $return) :
- $time = addslashes( substr($return, 0, 19) );
- $uri = addslashes( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
+ $time = $wpdb->escape( substr($return, 0, 19) );
+ $uri = $wpdb->escape( preg_replace('/(.*?) | (.*?)/', '$2', $return) );
$wpdb->query("UPDATE $wpdb->links SET link_updated = '$time' WHERE link_url = '$uri'");
endforeach;
}
diff --git a/wp-admin/upgrade-functions.php b/wp-admin/upgrade-functions.php
index aa1fa1361d..f2ef5c9b70 100644
--- a/wp-admin/upgrade-functions.php
+++ b/wp-admin/upgrade-functions.php
@@ -221,23 +221,23 @@ function upgrade_160() {
$users = $wpdb->get_results("SELECT * FROM $wpdb->users");
foreach ( $users as $user ) :
if ( !empty( $user->user_firstname ) )
- update_usermeta( $user->ID, 'first_name', addslashes($user->user_firstname) );
+ update_usermeta( $user->ID, 'first_name', $wpdb->escape($user->user_firstname) );
if ( !empty( $user->user_lastname ) )
- update_usermeta( $user->ID, 'last_name', addslashes($user->user_lastname) );
+ update_usermeta( $user->ID, 'last_name', $wpdb->escape($user->user_lastname) );
if ( !empty( $user->user_nickname ) )
- update_usermeta( $user->ID, 'nickname', addslashes($user->user_nickname) );
+ update_usermeta( $user->ID, 'nickname', $wpdb->escape($user->user_nickname) );
if ( !empty( $user->user_level ) )
update_usermeta( $user->ID, $table_prefix . 'user_level', $user->user_level );
if ( !empty( $user->user_icq ) )
- update_usermeta( $user->ID, 'icq', addslashes($user->user_icq) );
+ update_usermeta( $user->ID, 'icq', $wpdb->escape($user->user_icq) );
if ( !empty( $user->user_aim ) )
- update_usermeta( $user->ID, 'aim', addslashes($user->user_aim) );
+ update_usermeta( $user->ID, 'aim', $wpdb->escape($user->user_aim) );
if ( !empty( $user->user_msn ) )
- update_usermeta( $user->ID, 'msn', addslashes($user->user_msn) );
+ update_usermeta( $user->ID, 'msn', $wpdb->escape($user->user_msn) );
if ( !empty( $user->user_yim ) )
- update_usermeta( $user->ID, 'yim', addslashes($user->user_icq) );
+ update_usermeta( $user->ID, 'yim', $wpdb->escape($user->user_icq) );
if ( !empty( $user->user_description ) )
- update_usermeta( $user->ID, 'description', addslashes($user->user_description) );
+ update_usermeta( $user->ID, 'description', $wpdb->escape($user->user_description) );
if ( !isset( $user->user_idmode ) ):
$idmode = $user->user_idmode;
@@ -248,7 +248,7 @@ function upgrade_160() {
if ($idmode == 'namefl') $id = $user->user_firstname.' '.$user->user_lastname;
if ($idmode == 'namelf') $id = $user->user_lastname.' '.$user->user_firstname;
if (!$idmode) $id = $user->user_nickname;
- $id = addslashes( $id );
+ $id = $wpdb->escape( $id );
$wpdb->query("UPDATE $wpdb->users SET display_name = '$id' WHERE ID = '$user->ID'");
endif;
endforeach;
diff --git a/wp-comments-post.php b/wp-comments-post.php
index 865bb280ee..ef49b8875f 100644
--- a/wp-comments-post.php
+++ b/wp-comments-post.php
@@ -24,9 +24,9 @@ $comment_content = trim($_POST['comment']);
// If the user is logged in
get_currentuserinfo();
if ( $user_ID ) :
- $comment_author = addslashes($user_identity);
- $comment_author_email = addslashes($user_email);
- $comment_author_url = addslashes($user_url);
+ $comment_author = $wpdb->escape($user_identity);
+ $comment_author_email = $wpdb->escape($user_email);
+ $comment_author_url = $wpdb->escape($user_url);
else :
if ( get_option('comment_registration') )
die( __('Sorry, you must be logged in to post a comment.') );
diff --git a/wp-includes/comment-functions.php b/wp-includes/comment-functions.php
index ea707ea069..e1b426e374 100644
--- a/wp-includes/comment-functions.php
+++ b/wp-includes/comment-functions.php
@@ -13,8 +13,8 @@ function comments_template( $file = '/comments.php' ) {
if ( empty($comment_author) ) {
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND comment_approved = '1' ORDER BY comment_date");
} else {
- $author_db = addslashes($comment_author);
- $email_db = addslashes($comment_author_email);
+ $author_db = $wpdb->escape($comment_author);
+ $email_db = $wpdb->escape($comment_author_email);
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
}
diff --git a/wp-includes/functions-formatting.php b/wp-includes/functions-formatting.php
index 861cdb2a32..fa8a4e5840 100644
--- a/wp-includes/functions-formatting.php
+++ b/wp-includes/functions-formatting.php
@@ -523,10 +523,13 @@ function trailingslashit($string) {
}
function addslashes_gpc($gpc) {
- if (!get_magic_quotes_gpc()) {
- $gpc = addslashes($gpc);
+ global $wpdb;
+
+ if (get_magic_quotes_gpc()) {
+ $gpc = stripslashes($gpc);
}
- return $gpc;
+
+ return $wpdb->escape($gpc);
}
function antispambot($emailaddy, $mailto=0) {
diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index b0c74dcfbd..207b6b8964 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -843,7 +843,7 @@ function do_enclose( $content, $post_ID ) {
if ( $url != '' && !$wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE post_id = '$post_ID' AND meta_key = 'enclosure' AND meta_value LIKE ('$url%')") ) {
if ( $headers = wp_get_http_headers( $url) ) {
$len = (int) $headers['content-length'];
- $type = addslashes( $headers['content-type'] );
+ $type = $wpdb->escape( $headers['content-type'] );
$allowed_types = array( 'video', 'audio' );
if( in_array( substr( $type, 0, strpos( $type, "/" ) ), $allowed_types ) ) {
$meta_value = "$url\n$len\n$type\n";
@@ -1882,11 +1882,13 @@ function load_template($file) {
}
function add_magic_quotes($array) {
+ global $wpdb;
+
foreach ($array as $k => $v) {
if (is_array($v)) {
$array[$k] = add_magic_quotes($v);
} else {
- $array[$k] = addslashes($v);
+ $array[$k] = $wpdb->escape($v);
}
}
return $array;
diff --git a/wp-settings.php b/wp-settings.php
index 686e259fca..86db740bfd 100644
--- a/wp-settings.php
+++ b/wp-settings.php
@@ -136,13 +136,20 @@ load_default_textdomain();
// Pull in locale data after loading text domain.
require_once(ABSPATH . WPINC . '/locale.php');
-if ( !get_magic_quotes_gpc() ) {
- $_GET = add_magic_quotes($_GET );
- $_POST = add_magic_quotes($_POST );
- $_COOKIE = add_magic_quotes($_COOKIE);
- $_SERVER = add_magic_quotes($_SERVER);
+// If already slashed, strip.
+if ( get_magic_quotes_gpc() ) {
+ $_GET = stripslashes($_GET );
+ $_POST = stripslashes($_POST );
+ $_COOKIE = stripslashes($_COOKIE);
+ $_SERVER = stripslashes($_SERVER);
}
+// Escape with wpdb.
+$_GET = add_magic_quotes($_GET );
+$_POST = add_magic_quotes($_POST );
+$_COOKIE = add_magic_quotes($_COOKIE);
+$_SERVER = add_magic_quotes($_SERVER);
+
function shutdown_action_hook() {
do_action('shutdown');
}
diff --git a/xmlrpc.php b/xmlrpc.php
index baa93930ca..a00abc0199 100644
--- a/xmlrpc.php
+++ b/xmlrpc.php
@@ -1249,7 +1249,7 @@ class wp_xmlrpc_server extends IXR_Server {
$context = '[...] ' . wp_specialchars( $excerpt ) . ' [...]';
$original_pagelinkedfrom = $pagelinkedfrom;
- $pagelinkedfrom = addslashes( $pagelinkedfrom );
+ $pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
$original_title = $title;
$comment_post_ID = $post_ID;