Deprecate wpdb::escape() in favor of wpdb::prepare() and esc_sql(). fixes #24774.
git-svn-id: http://core.svn.wordpress.org/trunk@24718 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
4655dfea07
commit
3b4f3dea29
|
@ -2591,17 +2591,19 @@ function _deep_replace( $search, $subject ) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Escapes data for use in a MySQL query
|
||||
* Escapes data for use in a MySQL query.
|
||||
*
|
||||
* This is just a handy shortcut for $wpdb->escape(), for completeness' sake
|
||||
* Usually you should prepare queries using wpdb::prepare().
|
||||
* Sometimes, spot-escaping is required or useful. One example
|
||||
* is preparing an array for use in an IN clause.
|
||||
*
|
||||
* @since 2.8.0
|
||||
* @param string $sql Unescaped SQL data
|
||||
* @return string The cleaned $sql
|
||||
* @param string $data Unescaped data
|
||||
* @return string Escaped data
|
||||
*/
|
||||
function esc_sql( $sql ) {
|
||||
function esc_sql( $data ) {
|
||||
global $wpdb;
|
||||
return $wpdb->escape( $sql );
|
||||
return $wpdb->_escape( $data );
|
||||
}
|
||||
|
||||
/**
|
||||
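Review bot: The new `@param string $data` on `esc_sql()` disagrees with the body and with the description just above it. The function now returns `$wpdb->_escape( $data )`, which branches on `is_array( $data )` in the wpdb section, and the description itself names an array for an IN clause as the use case. I would write `@param string|array $data Unescaped data` and `@return string|array Escaped data`. The description should also say that the result is only safe inside a quoted string in the query, for example `* The escaped value must still be wrapped in quotes in the SQL.`, because spot-escaping gives no protection in unquoted numeric or identifier positions.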
|
|
|
@ -846,16 +846,22 @@ class wpdb {
|
|||
}
|
||||
|
||||
/**
|
||||
* Weak escape, using addslashes()
|
||||
* Do not use, deprecated.
|
||||
*
|
||||
* Use esc_sql() or wpdb::prepare() instead.
|
||||
*
|
||||
* @see addslashes()
|
||||
* @since 2.8.0
|
||||
* @deprecated 3.6.0
|
||||
* @see wpdb::prepare
|
||||
* @see esc_sql()
|
||||
* @access private
|
||||
*
|
||||
* @param string $string
|
||||
* @return string
|
||||
*/
|
||||
function _weak_escape( $string ) {
|
||||
if ( func_num_args() === 1 )
|
||||
_deprecated_function( __METHOD__, '3.6', 'wpdb::prepare() or esc_sql()' );
|
||||
return addslashes( $string );
|
||||
}
|
||||
|
||||
|
@ -876,7 +882,6 @@ class wpdb {
|
|||
/**
|
||||
* Escape data. Works on arrays.
|
||||
*
|
||||
* @uses wpdb::_escape()
|
||||
* @uses wpdb::_real_escape()
|
||||
* @since 2.8.0
|
||||
* @access private
|
||||
|
@ -886,7 +891,7 @@ class wpdb {
|
|||
*/
|
||||
function _escape( $data ) {
|
||||
if ( is_array( $data ) ) {
|
||||
foreach ( (array) $data as $k => $v ) {
|
||||
foreach ( $data as $k => $v ) {
|
||||
if ( is_array($v) )
|
||||
$data[$k] = $this->_escape( $v );
|
||||
else
|
||||
|
@ -900,24 +905,30 @@ class wpdb {
|
|||
}
|
||||
|
||||
/**
|
||||
* Escapes content for insertion into the database using addslashes(), for security.
|
||||
* Do not use, deprecated.
|
||||
*
|
||||
* Works on arrays.
|
||||
* Use esc_sql() or wpdb::prepare() instead.
|
||||
*
|
||||
* @since 0.71
|
||||
* @param string|array $data to escape
|
||||
* @return string|array escaped as query safe string
|
||||
* @deprecated 3.6.0
|
||||
* @see wpdb::prepare()
|
||||
* @see esc_sql()
|
||||
*
|
||||
* @param mixed $data
|
||||
* @return mixed
|
||||
*/
|
||||
function escape( $data ) {
|
||||
if ( func_num_args() === 1 )
|
||||
_deprecated_function( __METHOD__, '3.6', 'wpdb::prepare() or esc_sql()' );
|
||||
if ( is_array( $data ) ) {
|
||||
foreach ( (array) $data as $k => $v ) {
|
||||
foreach ( $data as $k => $v ) {
|
||||
if ( is_array( $v ) )
|
||||
$data[$k] = $this->escape( $v );
|
||||
$data[$k] = $this->escape( $v, 'recursive' );
|
||||
else
|
||||
$data[$k] = $this->_weak_escape( $v );
|
||||
$data[$k] = $this->_weak_escape( $v, 'internal' );
|
||||
}
|
||||
} else {
|
||||
$data = $this->_weak_escape( $data );
|
||||
$data = $this->_weak_escape( $data, 'internal' );
|
||||
}
|
||||
|
||||
return $data;
|
||||
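Review bot: The rewritten docblock on `_weak_escape()` drops both `Weak escape, using addslashes()` and `@see addslashes()`, so a reader is told not to use the method but no longer why. The body still returns `addslashes( $string )`, which takes no account of the connection character set, so I would keep one line such as `* Weak escape using addslashes(); not aware of the connection charset.` above the deprecation text. The same applies to `escape()` in the last hunk, whose body continues past the hunk. Separately, the `func_num_args() === 1` test means any extra argument silences `_deprecated_function()`, including one passed by outside callers. The `'internal'` and `'recursive'` markers deserve a one-line comment saying so, since neither signature declares a second parameter.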
|
|