From dffd2b1bd96360567fba6237f5333e25f367dd17 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Tue, 16 Jul 2013 14:07:53 +0000 Subject: [PATCH] Always use mysql_real_escape_string(), even when DB_CHARSET is not properly set. fixes #24773. git-svn-id: http://core.svn.wordpress.org/trunk@24712 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/wp-db.php | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php index b3f375326a..2a86b5b7e7 100644 --- a/wp-includes/wp-db.php +++ b/wp-includes/wp-db.php @@ -441,15 +441,6 @@ class wpdb { */ var $collate; - /** - * Whether to use mysql_real_escape_string - * - * @since 2.8.0 - * @access public - * @var bool - */ - var $real_escape = false; - /** * Database Username * @@ -648,7 +639,6 @@ class wpdb { if ( $this->has_cap( 'collation' ) && ! empty( $charset ) ) { if ( function_exists( 'mysql_set_charset' ) && $this->has_cap( 'set_charset' ) ) { mysql_set_charset( $charset, $dbh ); - $this->real_escape = true; } else { $query = $this->prepare( 'SET NAMES %s', $charset ); if ( ! empty( $collate ) ) @@ -870,10 +860,9 @@ class wpdb { } /** - * Real escape, using mysql_real_escape_string() or addslashes() + * Real escape, using mysql_real_escape_string() * * @see mysql_real_escape_string() - * @see addslashes() * @since 2.8.0 * @access private * @@ -881,10 +870,7 @@ class wpdb { * @return string escaped */ function _real_escape( $string ) { - if ( $this->dbh && $this->real_escape ) - return mysql_real_escape_string( $string, $this->dbh ); - else - return addslashes( $string ); + return mysql_real_escape_string( $string, $this->dbh ); } /**