HostForge-Systems/wordpress
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use wpdb->escape instead of addslashes to prepare DB bound data.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@2699 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan
2005-07-05 20:47:22 +00:00
parent a79476f1e7
commit 91efba11ad
19 changed files with 101 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/import-livejournal.php
View File

@@ -82,7 +82,7 @@ $title = $date = $categories = $content = $post_id = '';
echo "<li>Importing post... ";
preg_match('|<subject>(.*?)</subject>|is', $post, $title);
$title = addslashes( trim($title[1]) );
$title = $wpdb->escape( trim($title[1]) );
$post_name = sanitize_title($title);
preg_match('|<eventtime>(.*?)</eventtime>|is', $post, $date);
@@ -92,7 +92,7 @@ $post_date = date('Y-m-d H:i:s', $date);
preg_match('|<event>(.*?)</event>|is', $post, $content);
$content = str_replace( array('<![CDATA[', ']]>'), '', addslashes( trim($content[1]) ) );
$content = str_replace( array('<![CDATA[', ']]>'), '', $wpdb->escape( trim($content[1]) ) );
// Now lets put it in the DB
if ($wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' AND post_date = '$post_date'")) :