[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 15 14:25:46 UTC 2010


#11819: Use mysql_real_escape_string instead of addslashes
-----------------------------------+----------------------------------------
 Reporter:  hakre                  |        Owner:  ryan    
     Type:  defect (bug)           |       Status:  reopened
 Priority:  high                   |    Milestone:  3.0     
Component:  Security               |      Version:  2.5     
 Severity:  critical               |   Resolution:          
 Keywords:  dev-feedback featured  |  
-----------------------------------+----------------------------------------

Comment(by Denis-de-Bernardy):

 @microgroove: not quite obsolete yet. addslashes_gpc() might also need to
 be fixed.

 It would be really sweet if this were fixed in WP 3.0. There's going to be
 an increasing number of WPMU installs, and many may eventually be subject
 to SQL injections because wpdb->escape() is a mere alias for addslashes().

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

