esc_sql() for wp-includes

git-svn-id: https://develop.svn.wordpress.org/trunk@11978 602fd350-edb4-49c9-b593-d223f7449a82
2026-03-31 02:34:38 +00:00 · 2009-09-27 05:33:56 +00:00
parent 343e591c2b
commit 737378702c
7 changed files with 15 additions and 15 deletions
--- a/wp-includes/user.php
+++ b/wp-includes/user.php
@@ -153,7 +153,7 @@ function wp_authenticate_cookie($user, $username, $password) {
 function get_profile($field, $user = false) {
 	global $wpdb;
 	if ( !$user )
-		$user = $wpdb->escape($_COOKIE[USER_COOKIE]);
+		$user = esc_sql( $_COOKIE[USER_COOKIE] );
 	return $wpdb->get_var( $wpdb->prepare("SELECT $field FROM $wpdb->users WHERE user_login = %s", $user) );
 }