From e09712d20811915e8a28d04a142071e140251f47 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Thu, 19 Feb 2009 19:01:57 +0000
Subject: [PATCH] Use real escape in environments that support it. see #5455
git-svn-id: https://develop.svn.wordpress.org/trunk@10597 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-includes/wp-db.php | 36 +++++++++++++++++++++---------------
 1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index ccd3a6ef04..3fcaf62869 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -272,6 +272,15 @@ class wpdb {
 */
 var $collate;
+ /**
+ * Whether to use mysql_real_escape_string
+ *
+ * @since 2.8.0
+ * @access public
+ * @var bool
+ */
+ var $real_escape = false;
+
 /**
 * Connects to the database server and selects a database
 *
@@ -333,16 +342,17 @@ class wpdb {
 $this->ready = true;
 if ( $this->has_cap( 'collation' ) ) {
- $collation_query = '';
 if ( !empty($this->charset) ) {
- $collation_query = "SET NAMES '{$this->charset}'";
- if (!empty($this->collate) )
- $collation_query .= " COLLATE '{$this->collate}'";
+ if ( function_exists('mysql_set_charset') ) {
+ mysql_set_charset($this->charset, $this->dbh);
+ $this->real_escape = true;
+ } else {
+ $collation_query = "SET NAMES '{$this->charset}'";
+ if ( !empty($this->collate) )
+ $collation_query .= " COLLATE '{$this->collate}'";
+ $this->query($collation_query);
+ }
 }
-
- if ( !empty($collation_query) )
- $this->query($collation_query);
-
 }
 $this->select($dbname);
@@ -426,14 +436,10 @@ class wpdb {
 * @return string query safe string
 */
 function escape($string) {
- return addslashes( $string );
- // Disable rest for now, causing problems
- /*
- if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
- return mysql_escape_string( $string );
- else
+ if ( $this->dbh && $this->real_escape )
 return mysql_real_escape_string( $string, $this->dbh );
- */
+ else
+ return addslashes( $string );
 }
 /**
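Review bot: In the new `mysql_set_charset` branch of the connect code, the call's return value is ignored and `$this->collate` is no longer applied, yet `$this->real_escape` is set to true unconditionally. Before this change a non-empty collation was appended to the `SET NAMES` statement; now that only happens on the fallback path, so the connection collation depends on whether the function exists. I would gate the flag on success, `if ( function_exists('mysql_set_charset') && mysql_set_charset($this->charset, $this->dbh) ) {`, so a failed call falls through to the `SET NAMES` branch. Inside the success branch I would also keep the collation, e.g. `if ( !empty($this->collate) ) $this->query("SET NAMES '{$this->charset}' COLLATE '{$this->collate}'");`. The enclosing connect method starts and ends outside the hunk.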
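Review bot: The fallback in `escape()` still returns `addslashes( $string )`, which escapes byte-wise with no knowledge of the connection character set, so the docblock's "query safe string" promise only holds on the `real_escape` path. Per the connect hunk, `real_escape` stays false whenever `mysql_set_charset` is missing, `$this->charset` is empty, or the collation capability is absent. With some multibyte connection charsets (GBK, Big5 and similar) a backslash added by `addslashes()` is not a reliable escape. I would state that limit at the fallback, e.g. `// addslashes() is not charset-aware; used only when mysql_set_charset() was not applied`, and qualify the `@return` text accordingly. The docblock for `escape()` begins outside the hunk.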