[wp-trac] [WordPress Trac] #57149: get_table_from_query() doesn't properly handle a prepared escape_like() table name
WordPress Trac
noreply at wordpress.org
Fri Nov 18 15:15:43 UTC 2022
#57149: get_table_from_query() doesn't properly handle a prepared escape_like()
table name
--------------------------+-----------------------------
Reporter: prettyboymp | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: normal | Keywords:
Focuses: multisite |
--------------------------+-----------------------------
A common way to check if a table exists is to run a query like the
following, the same way that `maybe_create_table()` currently works:
{{{#!php
<?php
$wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $table_name ) );
}}}
This results in the prepared query for a table name such as
`wp_my_custom_table` to end up being:
{{{
SHOW TABLES LIKE 'wp\\_my\\_custom\\_table'
}}}
While the above isn't necessarily a proper query, it is still valid.
The problem is that `$wpdb->get_table_from_query()` ends up returning the
table name with extra slashes, e.g. `wp\_my\_custom\_table`. This
specifically breaks HyperDB which is attempting to use that table name to
determine the dataset to use.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57149>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list