Use real escape in environments that support it. see #5455

git-svn-id: http://svn.automattic.com/wordpress/trunk@10597 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-02-19 19:01:57 +00:00
parent 693beba4aa
commit 5c82bfb14c

View File

@ -272,6 +272,15 @@ class wpdb {
*/
var $collate;
/**
* Whether to use mysql_real_escape_string
*
* @since 2.8.0
* @access public
* @var bool
*/
var $real_escape = false;
/**
* Connects to the database server and selects a database
*
@ -333,16 +342,17 @@ class wpdb {
$this->ready = true;
if ( $this->has_cap( 'collation' ) ) {
$collation_query = '';
if ( !empty($this->charset) ) {
if ( function_exists('mysql_set_charset') ) {
mysql_set_charset($this->charset, $this->dbh);
$this->real_escape = true;
} else {
$collation_query = "SET NAMES '{$this->charset}'";
if ( !empty($this->collate) )
$collation_query .= " COLLATE '{$this->collate}'";
}
if ( !empty($collation_query) )
$this->query($collation_query);
}
}
}
$this->select($dbname);
@ -426,14 +436,10 @@ class wpdb {
* @return string query safe string
*/
function escape($string) {
return addslashes( $string );
// Disable rest for now, causing problems
/*
if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
return mysql_escape_string( $string );
else
if ( $this->dbh && $this->real_escape )
return mysql_real_escape_string( $string, $this->dbh );
*/
else
return addslashes( $string );
}
/**