IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use wpdb->escape instead of addslashes to prepare DB bound data.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@2699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
2005-07-05 20:47:22 +00:00
parent a79476f1e7
commit 91efba11ad
19 changed files with 101 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/import-textpattern.php
View File

@@ -98,8 +98,8 @@ while ($post = mysql_fetch_array($posts)) {
$timestamp = mktime($hour, $minute, $second, $month, $day, $year);
$posted = date('Y-m-d H:i:s', $timestamp);
$content = addslashes($post['Body_html']);
$title = addslashes($post['Title']);
$content = $wpdb->escape($post['Body_html']);
$title = $wpdb->escape($post['Title']);
$post_name = sanitize_title($title);
$wpdb->query("INSERT INTO $wpdb->posts