[wp-trac] [WordPress Trac] #12942: Change str_replace to preg_replace for $wpdb->prepare function
WordPress Trac
wp-trac at lists.automattic.com
Fri Apr 9 17:09:04 UTC 2010
#12942: Change str_replace to preg_replace for $wpdb->prepare function
-------------------------+--------------------------------------------------
Reporter: gplaurin | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Unassigned
Component: General | Version: 2.9.2
Severity: normal | Keywords: database, prepare, sprintf
-------------------------+--------------------------------------------------
When using a prepare query like $db->prepare("SELECT usr.id FROM
`tmp_users` AS usr WHERE (usr.`email` = '%1\$s' AND usr.`date` = %2\$s) OR
usr.`oemail` = '%1\$s'"); wordpress won't properly handle the quote and
double quote replacement.
I'm not an expert with regex but I think this should replace the
str_replace's that are there: $query =
preg_replace('/[\',"]?(%\d?\$?s)[\',"]?/i', "'\$1'", $query);
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12942>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list