[wp-trac] [WordPress Trac] #26896: Quotes not added around strings using wpdb->prepare with sprintf position specifiers
WordPress Trac
noreply at wordpress.org
Tue Jan 21 10:50:03 UTC 2014
#26896: Quotes not added around strings using wpdb->prepare with sprintf position
specifiers
--------------------------+-----------------------------
 Reporter:  neonWired     |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  3.2.1
 Severity:  minor         |   Keywords:
--------------------------+-----------------------------
The docs state that 'you do not have to worry about quoting strings' when
using prepare; however, this is not the case if you use position specifiers.
For example:

$wpdb->prepare('INSERT INTO table (col1, col2, col3) VALUES (%s, %s, %d)',
$email, $hash, $post_id);

will quote the strings; however, when using position specifiers as below,
quotes are not added, causing a MySQL error.

$wpdb->prepare('INSERT INTO table (col1, col2, col3) VALUES (%1$s, %2$s, %3$d)',
$email, $hash, $post_id);

If this is not a bug then the docs need updating to reflect this behavior.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26896>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
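
Added example (not part of the ticket and not WordPress's code): a simplified PHP model of why positional specifiers end up unquoted, plus a check that flags such placeholders in a query template before it is used. It assumes quoting is applied by pattern-matching bare %s before vsprintf() runs; model_prepare(), unquoted_positional_strings(), the table name t and the sample values are hypothetical.

```php
<?php
// Simplified model for illustration only; not WordPress's implementation.
// Assumption: the template is rewritten so that each bare %s becomes '%s',
// then the escaped values are substituted with vsprintf().
function model_prepare(string $query, array $args): string
{
    // Only a bare "%s" matches; "%1$s" has digits and "$" between % and s.
    $query = preg_replace('/(?<!%)%s/', "'%s'", $query);
    // addslashes() is a stand-in for the database layer's real escaping.
    $args = array_map('addslashes', $args);
    return vsprintf($query, $args);
}

// Defensive check: list positional string placeholders (%1$s, %2$s, ...)
// that are not already wrapped in quotes in the template, i.e. the ones
// the pattern above would leave unquoted in the final SQL.
function unquoted_positional_strings(string $query): array
{
    preg_match_all('/(?<![\'"%])%\d+\$s(?![\'"])/', $query, $matches);
    return $matches[0];
}

// Constructed sample values.
$args = ['user@example.com', 'abc123', 42];

$plain      = 'INSERT INTO t (col1, col2, col3) VALUES (%s, %s, %d)';
$positional = 'INSERT INTO t (col1, col2, col3) VALUES (%1$s, %2$s, %3$d)';
$manual     = 'INSERT INTO t (col1, col2, col3) VALUES (\'%1$s\', \'%2$s\', %3$d)';

foreach ([$plain, $positional, $manual] as $template) {
    $flagged = unquoted_positional_strings($template);
    echo "template: ", $template, "\n";
    echo "result:   ", model_prepare($template, $args), "\n";
    echo "flagged:  ", $flagged ? implode(', ', $flagged) : '(none)', "\n\n";
}
```

A check like this can run in code review or a pre-commit hook over query templates, so that an unquoted string placeholder is caught before it reaches the database.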