[wp-trac] [WordPress Trac] #63734: wpdb::prepare() should reject invalid schema object names
WordPress Trac
noreply at wordpress.org
Mon Jul 21 23:53:46 UTC 2025
#63734: wpdb::prepare() should reject invalid schema object names
-------------------------+-----------------------------
 Reporter:  dmsnell      |      Owner:  (none)
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Database     |    Version:  trunk
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
MySQL imposes certain constraints on schema object names (table names,
column names, etc… what Core calls “identifiers” in some places). Queries
with invalid values for these names will always fail, but sending them to
the database incurs network traffic and latency.

If Core knows that a parameter cannot be valid then it could reject early
and skip sending the query to the database. It could even avoid performing
costly escaping of string values which also involve separate database
calls, if it knows that the query can never succeed.

One example is that schema object names cannot end in a space character.
Currently `$wpdb->prepare( "SELECT * FROM %i", "test " )` will produce the
following table name:

{{{
`test `
}}}

…and this will always fail when run as a query.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63734>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
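
An added example, not WordPress Core code and not part of the ticket: a pre-check that flags table or column names MySQL can never accept, so a caller could reject them before any query is built or sent. The function name is hypothetical, the sample names are constructed, and beyond the ticket's trailing-space rule it also applies MySQL's documented 64-character limit and its ban on U+0000 and supplementary characters in identifiers.

```php
<?php
/**
 * Hypothetical helper (not a wpdb method). Returns a reason string when $name can
 * never be a valid MySQL table or column name, or null when no rule is violated.
 * Assumes $name is UTF-8; input that is not valid UTF-8 is only checked bytewise.
 */
function example_identifier_rejection_reason( string $name ): ?string {
	if ( '' === $name ) {
		return 'empty name';
	}
	// The rule from the ticket: names cannot end with a space character.
	if ( ' ' === substr( $name, -1 ) ) {
		return 'ends with a space';
	}
	// U+0000 is not permitted in quoted or unquoted identifiers.
	if ( false !== strpos( $name, "\0" ) ) {
		return 'contains U+0000';
	}
	// The remaining rules count code points, so they need valid UTF-8.
	if ( 1 !== preg_match( '//u', $name ) ) {
		return null; // Cannot prove it invalid here; let the database decide.
	}
	// Supplementary characters (U+10000 and above) are not permitted.
	if ( 1 === preg_match( '/[\x{10000}-\x{10FFFF}]/u', $name ) ) {
		return 'contains a character outside the Basic Multilingual Plane';
	}
	// Table and column names are limited to 64 characters.
	if ( preg_match_all( '/./su', $name ) > 64 ) {
		return 'longer than 64 characters';
	}
	return null;
}

// Constructed sample names, including the one from the ticket.
$samples = array(
	'wp_posts',
	'test ',
	"wp_\0posts",
	'wp_' . str_repeat( 'a', 62 ),
	"wp_\u{1F600}",
	'odd`name',
);

foreach ( $samples as $sample ) {
	$reason = example_identifier_rejection_reason( $sample );
	printf( "%-70s %s\n", json_encode( $sample ), $reason ?? 'ok' );
}
```

A backtick inside a name is reported as `ok` because MySQL permits it in a quoted identifier when it is escaped; this check only flags names that cannot be valid and is not a substitute for identifier escaping.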