From e737c7120efeb9fd1a99269d7e74e4f28d8201eb Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Fri, 1 Mar 2013 17:01:01 +0000
Subject: [PATCH] Use prepare instead of escape. see #21767
git-svn-id: https://develop.svn.wordpress.org/trunk@23564 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/schema.php | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/wp-admin/includes/schema.php b/wp-admin/includes/schema.php
index 5dfb41b952..1f57cb1492 100644
--- a/wp-admin/includes/schema.php
+++ b/wp-admin/includes/schema.php
@@ -505,13 +505,11 @@ function populate_options() {
 else $autoload = 'yes';
- $option = $wpdb->escape($option);
 if ( is_array($value) ) $value = serialize($value);
- $value = $wpdb->escape($value);
 if ( !empty($insert) ) $insert .= ', ';
- $insert .= "('$option', '$value', '$autoload')";
+ $insert .= $wpdb->prepare( "(%s, %s, %s)", $option, $value, $autoload );
 }
 if ( !empty($insert) )
@@ -921,13 +919,11 @@ We hope you enjoy your new site. Thanks!
 $insert = '';
 foreach ( $sitemeta as $meta_key => $meta_value ) {
- $meta_key = $wpdb->escape( $meta_key );
 if ( is_array( $meta_value ) ) $meta_value = serialize( $meta_value );
- $meta_value = $wpdb->escape( $meta_value );
 if ( !empty( $insert ) ) $insert .= ', ';
- $insert .= "( $network_id, '$meta_key', '$meta_value')";
+ $insert .= $wpdb->prepare( "( %d, %s, %s)", $network_id, $meta_key, $meta_value );
 }
 $wpdb->query( "INSERT INTO $wpdb->sitemeta ( site_id, meta_key, meta_value ) VALUES " . $insert );
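Review bot: The added `$insert .= $wpdb->prepare( "(%s, %s, %s)", ... )` line in populate_options() should carry a short comment saying that each tuple is already quoted and the joined string must reach `$wpdb->query()` unchanged, for example `// Tuples are prepared one by one; never run the joined SQL through prepare() again.` A second prepare() pass over the assembled statement would read any literal `%` inside an option value as a placeholder. The statement that executes `$insert` lies outside this hunk, so this is guidance for later edits rather than a defect visible here.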
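Review bot: The `$wpdb->query( "INSERT INTO $wpdb->sitemeta ... VALUES " . $insert )` call after the loop runs even when `$sitemeta` produced no tuples, so it sends a `VALUES` clause with nothing after it. The populate_options() hunk guards the same pattern with `if ( !empty($insert) )`, and the same guard fits here: `if ( !empty( $insert ) ) $wpdb->query( ... );`. Separately, `%d` casts `$network_id` to an integer, so a non-numeric id would be written as 0 instead of being rejected. Whether it is validated earlier cannot be seen, because the enclosing function starts outside the hunk.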