[wp-hackers] single quote #039; issue when querying the DB

Chris Jean gaarai at gaarai.com
Mon Dec 7 22:20:01 UTC 2009


Looking at the meta functions in core (found in 
wp-admin/includes/post.php), the code to handle the meta value for the 
add, update, and get functions is as follows:

add_meta:
maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) )

update_meta:
maybe_serialize( stripslashes( $meta_value ) )

get_post_meta_by_id:
if ( is_serialized_string( $meta->meta_value ) )
    $meta->meta_value = maybe_unserialize( $meta->meta_value );

As you can see, the reason for the change is due to the serialization. I'm 
not sure exactly what you're trying to do, but using these code snippets 
should allow you to get further in your project.

Chris Jean
http://gaarai.com/
@chrisjean



Olivier wrote:
> Hello,
>
> I am encountering a big problem and I cannot find any "clean"
> solution.
>
> When a meta_value is saved within the usermeta table, if it contains a
> single quote then it is converted to #39;
> for instance : tot'o is converted to tot#39;o
>
> Then when you get it back from the DB, it will be tot#039;o (note the
> added 0). This is not a problem if you just need to output data.
>
> But when it comes to performing a query with a condition on the
> meta_value, then I am lost because when I convert the single quote
> with any function like esc_html, it is converted to #039; and not #39;
> so if I query on "WHERE meta_value = $myvalue" which contains #039; it
> will always fail :(
>
> Any idea?
>
> I could obviously add a function to convert 039 to 39 before sending
> to the DB but well, if there is any built in function that does all
> the job directly (clean one step conversion from single quote to
> #39;), I would rather use it.
>
> Thanks!
>
> Olivier


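Added example (not part of the original thread and not WordPress core code): one way to avoid the mismatch Olivier describes, assuming the two forms he sees are the HTML entities &#39; and &#039;. It decodes to the raw character before storing and comparing, binds the value as a query parameter, and entity-encodes only on output; the SQLite in-memory table and the function names canonical_meta_value and find_users are illustrative assumptions.

```php
<?php
// Added example. The in-memory SQLite table stands in for the usermeta table;
// canonical_meta_value() and find_users() are hypothetical helper names.

// Decode HTML entities so '&#39;' and '&#039;' both become a raw single quote.
function canonical_meta_value( string $value ): string {
    return html_entity_decode( $value, ENT_QUOTES | ENT_HTML401, 'UTF-8' );
}

// Compare on the canonical (raw) value, passed as a bound parameter so the
// quote never becomes part of the SQL text.
function find_users( PDO $db, string $key, string $value ): array {
    $stmt = $db->prepare(
        'SELECT user_id FROM usermeta WHERE meta_key = ? AND meta_value = ?'
    );
    $stmt->execute( array( $key, canonical_meta_value( $value ) ) );
    return $stmt->fetchAll( PDO::FETCH_COLUMN );
}

$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT)' );

// Store the raw value (constructed sample input). Entity encoding is not
// needed to protect the statement because the value is bound, not interpolated.
$insert = $db->prepare( 'INSERT INTO usermeta VALUES (?, ?, ?)' );
$insert->execute( array( 1, 'nickname', canonical_meta_value( 'tot&#39;o' ) ) );

// Each spelling of the same value is canonicalized before the comparison.
foreach ( array( "tot'o", 'tot&#39;o', 'tot&#039;o' ) as $needle ) {
    $hits = find_users( $db, 'nickname', $needle );
    printf( "%-12s -> %d match(es)\n", $needle, count( $hits ) );
}

// Encode for the HTML context only at output time.
echo htmlspecialchars( "tot'o", ENT_QUOTES, 'UTF-8' ), "\n";
```

Inside WordPress the same bound comparison would go through $wpdb->prepare() with a %s placeholder. Decoding at read time only helps if every write path stores the same canonical form.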