#WordPress 6.2 has been released, and includes my patch to escape Identifiers in SQL, using `%i`.

This allows the $query in wpdb::prepare() to be a `literal-string`, which ensures you can’t have an SQL Injection Vulnerability 🥳
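What the change looks like in calling code, as an added example that is not part of the original post or of WordPress itself. It assumes WordPress 6.2+ is loaded so the global `$wpdb` exists; `fetch_rows()` and the `orderby` request parameter are hypothetical names, and `literal-string` is the docblock type checked by PHPStan and Psalm.

```php
<?php
// Added example. Assumes WordPress 6.2+ is loaded (global $wpdb available).
// fetch_rows() and the 'orderby' parameter are hypothetical, for illustration.
global $wpdb;

/**
 * Hypothetical wrapper around wpdb::prepare(). The annotation lets a static
 * analyser reject any call whose $query is not written entirely as literals.
 *
 * @param literal-string $query
 * @param mixed          ...$args Values for the %s, %d, %f and %i placeholders.
 */
function fetch_rows( string $query, ...$args ): ?array {
    global $wpdb;
    return $wpdb->get_results( $wpdb->prepare( $query, ...$args ), ARRAY_A );
}

// Request-controlled column name and a fixed status value.
$order_by = isset( $_GET['orderby'] ) ? (string) wp_unslash( $_GET['orderby'] ) : 'post_date';
$status   = 'publish';

// Before 6.2: there was no placeholder for identifiers, so the table and
// column names had to be concatenated into the query text. The string is no
// longer a literal, and $order_by reaches the SQL unescaped.
$unsafe_sql = "SELECT ID, post_title FROM {$wpdb->posts} "
            . 'WHERE post_status = %s ORDER BY ' . $order_by;
// A literal-string check flags the next call, because $unsafe_sql contains
// runtime data:
// fetch_rows( $unsafe_sql, $status );

// From 6.2: identifiers go through %i, values through %s / %d. The query is a
// single string literal and every variable part is passed as an argument.
$rows = fetch_rows(
    'SELECT ID, post_title FROM %i WHERE post_status = %s ORDER BY %i LIMIT %d',
    $wpdb->posts,
    $status,
    $order_by,
    20
);

// %i quotes the name as an identifier, so an unknown column produces a query
// error rather than altered SQL. An allow-list of sortable columns is still
// worth adding if the error should never reach the user.
```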
