Add esc_sql_ident(), catering for reserved word column names. #23

merged 1 commit into from Aug 14, 2017


3 participants

gitlost commented Aug 11, 2017

PR #4

Adds esc_sql_ident() func to backtick column/table names and uses it throughout, though the only real fixes (excluding the unlikely case of backticks in column/table names) are in php_handle_col(), where primary keys weren't escaped, as mentioned in the original PR, and esc_sql() was used for $col_sql.

(A similar fix needs to be done for db search.)

Also adds note about the double escaping in the WP <= 3.9 part of esc_like() which I thought was wrong but turns out to be necessary.
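
The difference between value escaping and identifier quoting that the description above relies on, as an added example that is not part of the PR or wp-cli's code. The function names, table and column names are hypothetical, and `addslashes()` stands in for a string-value escaper so the snippet runs without WordPress.

```php
<?php
// Added illustration; names below are hypothetical, not wp-cli's implementation.

/**
 * Quote one or more MySQL identifiers (column/table names).
 * Wraps each in backticks and doubles any embedded backtick,
 * which is MySQL's escape for a backtick inside a quoted identifier.
 */
function example_quote_ident( $idents ) {
    $quote = function ( $ident ) {
        return '`' . str_replace( '`', '``', $ident ) . '`';
    };
    return is_array( $idents ) ? array_map( $quote, $idents ) : $quote( $idents );
}

/**
 * Stand-in for a string-value escaper (the job esc_sql() is meant for).
 * It escapes quote characters but adds no identifier quoting.
 */
function example_escape_value( $value ) {
    return addslashes( $value );
}

// Constructed sample schema: `key`, `order` and `group` are MySQL reserved words.
$table        = 'wp_example';
$primary_keys = array( 'key', 'order' );
$col          = 'group';

// Before: value escaping applied to identifiers leaves them bare,
// so the reserved words are parsed as keywords and the query fails.
$before = sprintf(
    'SELECT %s, %s FROM %s',
    implode( ', ', array_map( 'example_escape_value', $primary_keys ) ),
    example_escape_value( $col ),
    example_escape_value( $table )
);

// After: every identifier, primary keys included, is backtick-quoted.
$after = sprintf(
    'SELECT %s, %s FROM %s',
    implode( ', ', example_quote_ident( $primary_keys ) ),
    example_quote_ident( $col ),
    example_quote_ident( $table )
);

echo $before, PHP_EOL;
echo $after, PHP_EOL;
// The unlikely case mentioned above: a backtick inside a name is doubled.
echo example_quote_ident( 'odd`name' ), PHP_EOL;
```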



danielbachhuber commented Aug 14, 2017

@gitlost Are you ready for a review on this or is it on hold?

@gitlost gitlost requested a review from wp-cli/committers Aug 14, 2017

@schlessera schlessera added the bug label Aug 14, 2017

@schlessera schlessera added this to the 1.0.4 milestone Aug 14, 2017

@schlessera schlessera merged commit a73526d into master Aug 14, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

@schlessera schlessera deleted the esc_sql_ident branch Aug 14, 2017
