#WordPress 6.2 has been released, and includes my patch to escape Identifiers in SQL, using `%i`.This allows the $query in wpdb::prepare() to be a `literal-string`, which ensures you can’t have an SQL Injection Vulnerability 🥳

by David Bisset

#WordPress 6.2 has been released, and includes my patch to escape Identifiers in SQL, using `%i`.

This allows the $query in wpdb::prepare() to be a `literal-string`, which ensures you can’t have an SQL Injection Vulnerability 🥳

To top