Introducing "prepare", a WPDB method for sprintf()-prepared SQL statements. see #4553. Implementation details to follow.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5778 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-07-04 16:18:57 +00:00
parent c671554b03
commit fbdfcce157
1 changed files with 20 additions and 0 deletions

View File

@ -116,6 +116,26 @@ class wpdb {
return mysql_real_escape_string( $string, $this->dbh );
}
/**
* Escapes content by reference for insertion into the database, for security
* @param string $s
*/
function escape_by_ref(&$s) {
$s = $this->escape($s);
}
/**
* Prepares a SQL query for safe use, using sprintf() syntax
*/
function prepare($args=NULL) {
if ( NULL === $args )
return;
$args = func_get_args();
$query = array_shift($args);
array_walk($args, array(&$this, 'escape_by_ref'));
return @call_user_func_array('sprintf', array_merge(array($query), $args));
}
// ==================================================================
// Print SQL/DB error.