Better escaping from class, fixes #1394

git-svn-id: https://develop.svn.wordpress.org/trunk@2684 602fd350-edb4-49c9-b593-d223f7449a82
2026-04-04 20:54:29 +00:00 · 2005-07-02 23:31:43 +00:00
parent 15a525e6dc
commit 8ed932864f
1 changed files with 4 additions and 1 deletions
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -77,7 +77,10 @@ class wpdb {
 	//	Format a string correctly for safe insert under all PHP conditions
 	
 	function escape($str) {
-		return addslashes($str);				
+		if( !$this->dbh || version_compare( phpversion(), '4.3.0' ) == '-1' )
+			return mysql_escape_string( $string );
+		else
+			return mysql_real_escape_string( $string, $this->dbh );
 	}

 	// ==================================================================