From fbdfcce157df6bb9633631cb60c9bd65cbbfdf42 Mon Sep 17 00:00:00 2001
From: markjaquith
Date: Wed, 4 Jul 2007 16:18:57 +0000
Subject: [PATCH] Introducing "prepare", a WPDB method for sprintf()-prepared SQL statements. see #4553. Implementation details to follow.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/wp-db.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index acf9a7e526..5df97b17f0 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -116,6 +116,26 @@ class wpdb {
 return mysql_real_escape_string( $string, $this->dbh );
 }
 
+ /**
+ * Escapes content by reference for insertion into the database, for security
+ * @param string $s
+ */
+ function escape_by_ref(&$s) {
+ $s = $this->escape($s);
+ }
+
+ /**
+ * Prepares a SQL query for safe use, using sprintf() syntax
+ */
+ function prepare($args=NULL) {
+ if ( NULL === $args )
+ return;
+ $args = func_get_args();
+ $query = array_shift($args);
+ array_walk($args, array(&$this, 'escape_by_ref'));
+ return @call_user_func_array('sprintf', array_merge(array($query), $args));
+ }
+
 // ==================================================================
 // Print SQL/DB error.
 
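Review bot: The escaping in prepare() only protects values that the caller wraps in quotes inside $query — an unquoted `%s` placeholder, or a literal `%` not written as `%%`, still produces an unsafe or broken statement — and the new docblock says none of this, even though the method is the security boundary callers will rely on. Add to the docblock `@param string $query Format string; write string placeholders as '%s' (quoted) and literal percent signs as %%`, `@param mixed $args,... Values substituted for the placeholders; each is run through escape() before sprintf()`, and `@return string|false`. The `@` on the call_user_func_array line also silences the warning sprintf() emits when fewer arguments than placeholders are supplied (it then returns false in the PHP of this era), so a miscounted argument list hands the caller false instead of a query; `return call_user_func_array('sprintf', array_merge(array($query), $args));` without the suppression, or an explicit `=== false` check before returning, would surface the mistake. The bare `return;` for a null first argument likewise yields null rather than an explicit false, which callers are unlikely to distinguish from a prepared string.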