mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Introducing "prepare", a WPDB method for sprintf()-prepared SQL statements. see #4553. Implementation details to follow.
git-svn-id: http://svn.automattic.com/wordpress/trunk@5778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
c671554b03
commit
fbdfcce157
@ -116,6 +116,26 @@ class wpdb {
|
||||
return mysql_real_escape_string( $string, $this->dbh );
|
||||
}
|
||||
|
||||
/**
|
||||
* Escapes content by reference for insertion into the database, for security
|
||||
* @param string $s
|
||||
*/
|
||||
function escape_by_ref(&$s) {
|
||||
$s = $this->escape($s);
|
||||
}
|
||||
|
||||
/**
|
||||
* Prepares a SQL query for safe use, using sprintf() syntax
|
||||
*/
|
||||
function prepare($args=NULL) {
|
||||
if ( NULL === $args )
|
||||
return;
|
||||
$args = func_get_args();
|
||||
$query = array_shift($args);
|
||||
array_walk($args, array(&$this, 'escape_by_ref'));
|
||||
return @call_user_func_array('sprintf', array_merge(array($query), $args));
|
||||
}
|
||||
|
||||
// ==================================================================
|
||||
// Print SQL/DB error.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user