WPDB prepare - LIKE % placeholders?


9

Are these {xxx...} placeholders standing in for % in LIKE statements normal? If so, when are they converted back to %?

SHELL
wp> global $wpdb;
wp> $q = "%s";
=> string(2) "%s"
wp> $pq = $wpdb->prepare($q, '%hi%');
=> string(136) "'{6e039dc0b074a5ff6828a070d0c24708d132341f32dff55a053f1410beabaacd}hi{6e039dc0b074a5ff6828a070d0c24708d132341f32dff55a053f1410beabaacd}'"

Answers:


12

Yes, they are normal. They were added in 4.8.3 to fix a SQL injection vulnerability.

You can read the article describing the technical reasons for this here, and the changeset ticket here.

The placeholders are substituted for the random characters in the last line of the $wpdb->prepare() function, by the $wpdb->add_placeholder_escape() function, which calls $wpdb->placeholder_escape() internally.

These placeholders are removed by the $wpdb->remove_placeholder_escape() function, which is added as a filter on the query hook in $wpdb->query().
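The round trip described in the answer, as an added example that is not part of the original question or answer and is not WordPress's own code: a self-contained PHP model that reuses the wpdb method names (prepare, placeholder_escape, add_placeholder_escape, remove_placeholder_escape, esc_like, query) with simplified bodies, and a tiny stand-in for WordPress's add_filter()/apply_filters() on the query hook. It assumes PHP 7 or later and no WordPress installation; the sample search term is constructed.

```php
<?php
// Added example: model of the wpdb placeholder-escape mechanism, not WordPress code.
// Method names mirror wpdb; bodies are simplified (the real prepare() does far more
// validation of the format string). Assumes PHP 7+.

class MiniWpdb {
    /** Per-request random token, generated once (same role as wpdb's static). */
    private $placeholder = null;

    /** Callbacks registered on the 'query' hook (stand-in for add_filter()). */
    private $query_filters = array();

    // Creates the "{<64 hex chars>}" token once and registers the cleanup filter
    // on the 'query' hook, so the token is turned back into '%' when the query runs.
    public function placeholder_escape() {
        if ( null === $this->placeholder ) {
            $salt = (string) random_int( 0, PHP_INT_MAX );
            $this->placeholder = '{' . hash_hmac( 'sha256', uniqid( $salt, true ), $salt ) . '}';
        }
        $this->query_filters['remove_placeholder_escape'] = array( $this, 'remove_placeholder_escape' );
        return $this->placeholder;
    }

    // Hide every literal '%' in the finished SQL behind the token.
    public function add_placeholder_escape( $query ) {
        return str_replace( '%', $this->placeholder_escape(), $query );
    }

    // Restore the literal '%' characters (runs as the 'query' filter).
    public function remove_placeholder_escape( $query ) {
        return str_replace( $this->placeholder_escape(), '%', $query );
    }

    // Minimal esc_like(): backslash-escape the LIKE metacharacters in data.
    public function esc_like( $text ) {
        return addcslashes( $text, '_%\\' );
    }

    // Simplified prepare(): normalises %s to the quoted form, escapes the
    // arguments, formats, and then (last line, as in wpdb) applies the token.
    public function prepare( $query, ...$args ) {
        $query = str_replace( "'%s'", '%s', $query );
        $query = str_replace( '"%s"', '%s', $query );
        $query = preg_replace( '|(?<!%)%s|', "'%s'", $query );
        // Stand-in for escape_by_ref(): quotes and backslashes in data get escaped.
        $args  = array_map( function ( $a ) {
            return is_int( $a ) ? $a : addslashes( (string) $a );
        }, $args );
        $query = vsprintf( $query, $args );
        return $this->add_placeholder_escape( $query );
    }

    // query(): the 'query' filters run first, so the token becomes '%' again
    // right before the SQL would be sent to MySQL (not done here).
    public function query( $sql ) {
        foreach ( $this->query_filters as $callback ) {
            $sql = call_user_func( $callback, $sql );
        }
        return $sql;
    }
}

$wpdb = new MiniWpdb();
$term = '50%_off';                               // constructed sample input with LIKE metacharacters
$like = '%' . $wpdb->esc_like( $term ) . '%';     // wildcards we want, data metacharacters escaped
$sql  = $wpdb->prepare( "SELECT ID FROM wp_posts WHERE post_title LIKE %s", $like );

// After prepare(): every '%' (ours and the data's) is a "{...}" token, so the string
// contains no literal '%' that a second prepare() pass could read as a format specifier.
echo $sql, PHP_EOL;
var_dump( strpos( $sql, '%' ) === false );       // bool(true)

// At query() time the filter swaps the tokens back: LIKE '%50\\%\\_off%'
echo $wpdb->query( $sql ), PHP_EOL;
```

The doubled backslashes in the final pattern are correct for MySQL: the string literal collapses `\\` to `\`, and LIKE then treats `\%` and `\_` as literal characters, which is why esc_like() output is meant to be passed through prepare() rather than concatenated into the query directly.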

Licensed under cc by-sa 3.0 with attribution required.