
Postponed to WP 6.2: Escaping Table and Field names with wpdb::prepare()

Support for %i to escape Table and Field names was postponed to 6.2, see: Escaping Table and Field names with wpdb::prepare() in WordPress. A problem was found during RC5, where some extensions use field LIKE “%%%s%%”, and expect the %s

Escaping Table and Field names with wpdb::prepare() in WordPress 6.1

As part of the WordPress 6.1 release, wpdb::prepare() has been updated so it can escape Identifiers (such as Table and Field names) with the %i placeholder (#52506). This ensures these values are escaped correctly and don’t lead to SQL Injection Vulnerabilities.