Use prepare instead of escape.

see #21767 git-svn-id: https://develop.svn.wordpress.org/trunk@23564 602fd350-edb4-49c9-b593-d223f7449a82
2013-03-01 17:01:01 +00:00 · 2013-03-01 17:01:01 +00:00 · e737c7120e
parent 4088ca8723
commit e737c7120e
1 changed files with 2 additions and 6 deletions
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@ -505,13 +505,11 @@ function populate_options() {
 		else
 			$autoload = 'yes';

-		$option = $wpdb->escape($option);
 		if ( is_array($value) )
 			$value = serialize($value);
-		$value = $wpdb->escape($value);
 		if ( !empty($insert) )
 			$insert .= ', ';
-		$insert .= "('$option', '$value', '$autoload')";
+		$insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
 	}

 	if ( !empty($insert) )
@ -921,13 +919,11 @@ We hope you enjoy your new site. Thanks!

 	$insert = '';
 	foreach ( $sitemeta as $meta_key => $meta_value ) {
-		$meta_key = $wpdb->escape( $meta_key );
 		if ( is_array( $meta_value ) )
 			$meta_value = serialize( $meta_value );
-		$meta_value = $wpdb->escape( $meta_value );
 		if ( !empty( $insert ) )
 			$insert .= ', ';
-		$insert .= "( $network_id, '$meta_key', '$meta_value')";
+		$insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
 	}
 	$wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );